General

  • Target

    27490039a7551fc63470480c76f9c61a29fe38b9c877b335278739c8d5412782

  • Size

    675KB

  • Sample

    220908-gat31sdgf4

  • MD5

    484d84fe0c5456e1b8cb9349e01e26d4

  • SHA1

    995e83d0c1140a165ebe32cdd1a2dad49c1731fd

  • SHA256

    27490039a7551fc63470480c76f9c61a29fe38b9c877b335278739c8d5412782

  • SHA512

    187b3e29ffb5e132709825479c9131be4ceb8736c488161c5ddb10d716b64bd4c06d7c570e14b508f56e6370466f1bb5eebad897ccaf2de1c552ce6e7c2bbbfb

  • SSDEEP

    12288:/4wymABpXFdYopRyqUoeGN+t3+y8diXIpjD5nCypNxXdhMFM3xOwCnxTKWtrV9NP:NbOpXIoOaI9+NdiYpXBCyrxXsMhMmIN

Malware Config

Extracted

Family

socelars

C2

https://hueduy.s3.eu-west-1.amazonaws.com/dhfry901/

Targets

    • Target

      27490039a7551fc63470480c76f9c61a29fe38b9c877b335278739c8d5412782

    • Size

      675KB

    • MD5

      484d84fe0c5456e1b8cb9349e01e26d4

    • SHA1

      995e83d0c1140a165ebe32cdd1a2dad49c1731fd

    • SHA256

      27490039a7551fc63470480c76f9c61a29fe38b9c877b335278739c8d5412782

    • SHA512

      187b3e29ffb5e132709825479c9131be4ceb8736c488161c5ddb10d716b64bd4c06d7c570e14b508f56e6370466f1bb5eebad897ccaf2de1c552ce6e7c2bbbfb

    • SSDEEP

      12288:/4wymABpXFdYopRyqUoeGN+t3+y8diXIpjD5nCypNxXdhMFM3xOwCnxTKWtrV9NP:NbOpXIoOaI9+NdiYpXBCyrxXsMhMmIN

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks