General
- Target: 7b4446bd6b0466c89aeb637058458c9f8f870a152006301fc5ad2eb7ed04b7ff
- Size: 127KB
- Sample: 220803-yqefyaehb7
- MD5: f715ba2d8cff1340d49c1a14d3d49a97
- SHA1: d099c532177df5034845d4b53d812b42b3b914c8
- SHA256: 8e72678453341281ff6069284596b3eb78c616a97f400865bc5e34d922c359ba
- SHA512: ca2e7096e11c52bed9e9f174fef0323795b0666cd0836ab47091dfd5580fe7be95f9d1d07c2d98356ab23010bb79d7a75e661e5954fee61237cec34d3adf3f80
Static task: static1
Behavioral task: behavioral1
- Sample: 7b4446bd6b0466c89aeb637058458c9f8f870a152006301fc5ad2eb7ed04b7ff.exe
- Resource: win7-20220715-en
Malware Config
- Extracted: socelars
- https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets
- Target: 7b4446bd6b0466c89aeb637058458c9f8f870a152006301fc5ad2eb7ed04b7ff
- Size: 181KB
- MD5: 0ea509d2538dbd8b2e13ed3d4bc37878
- SHA1: 04e45ea70b426a2d52dfa0fcf0c5ca2bc2bb5beb
- SHA256: 7b4446bd6b0466c89aeb637058458c9f8f870a152006301fc5ad2eb7ed04b7ff
- SHA512: d6770de999e6c6c05754616ada4ba79ec0aa853d19f30d8818c5d636845aab6be3ac2b8f967c3fcfe9169b1c441348d09cd45098d3e24d217062960d32254e51
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.