General
- Target: 4551bd67d551611259cdb34737e074ccc6b6f59a8eab6b3248e6e7e4db355c75
- Size: 338KB
- Sample: 220804-fa747scaeq
- MD5: 793baa6ac5434001bdbc8597e4c74b91
- SHA1: 942cec338600ef1e2e9e1a5e2c27942efaf31835
- SHA256: 4551bd67d551611259cdb34737e074ccc6b6f59a8eab6b3248e6e7e4db355c75
- SHA512: d965d3dc103b2d8144e5463ff28baa9d137736dfbbb1836391f34a2e1fa056177eb09d6fbd9c1e3d9a548dff60c43ff1bf23ba70203e5beaaa205ac096b08145
Static task
- static1
Malware Config
- Extracted: socelars
- https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets
- Target: 4551bd67d551611259cdb34737e074ccc6b6f59a8eab6b3248e6e7e4db355c75
- Size: 338KB
- MD5: 793baa6ac5434001bdbc8597e4c74b91
- SHA1: 942cec338600ef1e2e9e1a5e2c27942efaf31835
- SHA256: 4551bd67d551611259cdb34737e074ccc6b6f59a8eab6b3248e6e7e4db355c75
- SHA512: d965d3dc103b2d8144e5463ff28baa9d137736dfbbb1836391f34a2e1fa056177eb09d6fbd9c1e3d9a548dff60c43ff1bf23ba70203e5beaaa205ac096b08145
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.