General
- Target: a8aafa2d874cfa7780add830ee89d00ba49763ada3ac455bcd7eb6e5bc584c72
- Size: 339KB
- Sample: 220804-apgmxaaabp
- MD5: 96e59d8fb60db6d8223432327ac00f8b
- SHA1: 3bac5506f983347b0d950afc957e8f90443737a6
- SHA256: a8aafa2d874cfa7780add830ee89d00ba49763ada3ac455bcd7eb6e5bc584c72
- SHA512: 980cf34656c6c6e392351a893605f1b34545dc1ffe7ead79afb26af72aadd697b221c373e7549f937de6f36f9089de038f5ac11638a50cb27fbbfd781d02e180
Static task
- static1

Malware Config
- Extracted: socelars
- URL: https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets
- Target: a8aafa2d874cfa7780add830ee89d00ba49763ada3ac455bcd7eb6e5bc584c72 (339KB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.