General
Target: dc1a9f6a302906f09f414d81100c6bebcaf8d7342d83f926c7aa6c0812e18374
Size: 127KB
Sample: 220803-zkwzgagcaj
MD5: 06f81bc5cf78e3c199aba72a641826f7
SHA1: 5a14752d4bfb6757682e46876ad9e3b25a92e79f
SHA256: 3f3fa91a2eb7a68fbd839fcdda999cd0123b7c96c1f829500f0cf14faa58c4fd
SHA512: 2551fd81d51be5587d0d037f29a8db18e3f7429eda36b8f39e66354ed8601b5d983a0a2d3a3ea0191d569be42a4a4f3de023abb6a01888e7578fc6faa2142e28

Note that the hashes in this block (127KB, SHA256 beginning 3f3fa91a) describe a different file from the 181KB executable listed under Targets, whose SHA256 is the target name itself. When matching a sample of your own against this report, compare it with the block that applies.
Static task: static1
Behavioral task: behavioral1
Sample: dc1a9f6a302906f09f414d81100c6bebcaf8d7342d83f926c7aa6c0812e18374.exe
Resource: win7-20220715-en
Malware Config
Extracted
Family: socelars
URL: https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets
Target: dc1a9f6a302906f09f414d81100c6bebcaf8d7342d83f926c7aa6c0812e18374
Size: 181KB
MD5: 1027d4214c0765f7020317cc2aa342ff
SHA1: 3cebe169ddfbd3f4ef38335c06d1a3b6575882e3
SHA256: dc1a9f6a302906f09f414d81100c6bebcaf8d7342d83f926c7aa6c0812e18374
SHA512: dbbb79c88b72e08f3bc5ce4b75b214caa6f080c6915b8bc213a03f9a3c21629fc1c0f5d455847f7ab06a5beaad85cbb7bba208472937e63926d639f5caac2c52
- Process spawned unexpected child process
  This typically indicates that the parent process was compromised via an exploit or a macro.
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
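The signature names above only tell you that the sandbox matched something; they do not show what was matched. The Python below is an added example, not the sandbox's own rule logic and not code from the sample, that runs event-level checks of the kind each name implies over a constructed event stream and reproduces seven of the eight signatures (the Socelars family detection itself is family-specific and not modelled). The IP-lookup hostnames, cloud-hosting domain suffixes and Office parent/child lists are assumptions; the registry path is the real Windows location of the configured country (GeoID). The PE parser reads the COFF Characteristics field so that "dropped DLL" and "dropped EXE" are distinguished by the image header rather than by file extension.

```python
"""Illustrative checks behind the behavioural signatures listed in this report.

Added example: not the sandbox's own detection logic and not code from the
sample. The event stream at the bottom is constructed for the demo; the
hostname, domain and parent-process lists are assumptions about what each
signature name implies, not facts taken from the report.
"""
import struct
from dataclasses import dataclass, field
from ntpath import basename
from urllib.parse import urlparse

# Real Windows location of the configured country (GeoID); reading it is the usual geofence tell.
GEO_KEY_PREFIX = r"hkcu\control panel\international\geo"
# Public "what is my IP" services (illustrative allowlist; assumption).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ifconfig.me", "icanhazip.com"}
# Cloud storage domains abused for payload/C2 hosting (assumption; S3 matches the extracted config above).
LEGIT_HOSTING_SUFFIXES = (".amazonaws.com", ".blob.core.windows.net", ".storage.googleapis.com")
# Office hosts that should only ever spawn the print helper (assumption).
MACRO_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe"}
IMAGE_FILE_DLL = 0x2000


@dataclass
class Event:
    """One behavioural record; kind is process, regquery, http, filewrite or loadlibrary."""
    pid: int
    kind: str
    detail: dict = field(default_factory=dict)


def pe_is_dll(data: bytes):
    """True/False for the IMAGE_FILE_DLL bit of a PE image, None if data is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header follows the 4-byte signature; Characteristics is its last field (offset 18 in it).
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return bool(characteristics & IMAGE_FILE_DLL)


def minimal_pe(is_dll: bool) -> bytes:
    """Smallest byte string pe_is_dll accepts: a constructed stand-in for a dropped binary."""
    characteristics = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)  # EXECUTABLE_IMAGE | 32BIT_MACHINE
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 1, 0, 0, 0, 0, characteristics)
    return bytes(dos) + coff


def detect(events):
    """Map an event stream to the set of signature names it triggers."""
    hits = set()
    dropped = {}  # lower-cased path -> is_dll, for every file written with a PE header
    for ev in events:
        d = ev.detail
        if ev.kind == "filewrite":
            kind = pe_is_dll(d["data"])
            if kind is not None:
                dropped[d["path"].lower()] = kind
        elif ev.kind == "http":
            host = (urlparse(d["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
            if host.endswith(LEGIT_HOSTING_SUFFIXES):
                hits.add("Legitimate hosting services abused for malware hosting/C2")
            if d.get("body", b"")[:2] == b"MZ":
                hits.add("Downloads MZ/PE file")
        elif ev.kind == "regquery":
            if d["key"].lower().startswith(GEO_KEY_PREFIX):
                hits.add("Checks computer location settings")
        elif ev.kind == "process":
            image = d["image"].lower()
            parent = basename(d.get("parent_image", "")).lower()
            if dropped.get(image) is False:  # written earlier by the sample and not a DLL
                hits.add("Executes dropped EXE")
            if parent in MACRO_HOSTS and basename(image) not in EXPECTED_OFFICE_CHILDREN:
                hits.add("Process spawned unexpected child process")
        elif ev.kind == "loadlibrary":
            if dropped.get(d["path"].lower()) is True:
                hits.add("Loads dropped DLL")
    return hits


# Constructed event stream modelled on the signature list above (not captured from the sample).
SAMPLE_EVENTS = [
    Event(1001, "regquery", {"key": r"HKCU\Control Panel\International\Geo\Nation"}),
    Event(1001, "http", {"url": "https://api.ipify.org/?format=text", "body": b"203.0.113.7"}),
    Event(1001, "http", {"url": "https://example-bucket.s3.eu-west-1.amazonaws.com/stage2/",
                         "body": minimal_pe(False)}),
    Event(1001, "filewrite", {"path": r"C:\Users\Public\update.exe", "data": minimal_pe(False)}),
    Event(1001, "filewrite", {"path": r"C:\Users\Public\helper.dll", "data": minimal_pe(True)}),
    Event(1002, "process", {"image": r"C:\Users\Public\update.exe",
                            "parent_image": r"C:\Users\Public\sample.exe"}),
    Event(1002, "loadlibrary", {"path": r"C:\Users\Public\helper.dll"}),
    Event(1003, "process", {"image": r"C:\Windows\System32\cmd.exe",
                            "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"}),
]

if __name__ == "__main__":
    for name in sorted(detect(SAMPLE_EVENTS)):
        print(name)
```

Running the script prints the seven signature names in alphabetical order. Two points carry over to real triage: the "dropped" checks key on files the sample itself wrote, so a pre-existing binary run from disk is not a dropped-EXE hit, and the hosting-service check fires on the domain alone, so a download from the same S3 host that serves the extracted Socelars URL above triggers it whether or not the body is a PE.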