General

  • Target

    27490039a7551fc63470480c76f9c61a29fe38b9c877b335278739c8d5412782

  • Size

    622KB

  • Sample

    220908-hdt3vsdhc6

  • MD5

    c75aa8945b0a5e10aa9bc03ae3910d5f

  • SHA1

    1317013fb7865bb5cfc97122a48be83ea3f47e13

  • SHA256

    a71886a9522f76a28d2f2c71f6949f139d059b2a3b83b6fdc3da79438f95c6b4

  • SHA512

    005a6a81dac82da00b9bf7c73368b12abc1cbcb11655ce030f79ecdf0f18b9ad000dec102270605b18a1c48335c7793a2fd5e9ed5c11417a546645559adcf248

  • SSDEEP

    12288:twb/UlzeshPMWLPWbCoCOmU4qbSueq5NMHWsFciHedSCfI5IF3dn:twb/U0shPFa3Haq+Uj1i8I5In

Malware Config

Extracted

Family

socelars

C2

https://hueduy.s3.eu-west-1.amazonaws.com/dhfry901/

Targets

    • Target

      27490039a7551fc63470480c76f9c61a29fe38b9c877b335278739c8d5412782

    • Size

      675KB

    • MD5

      484d84fe0c5456e1b8cb9349e01e26d4

    • SHA1

      995e83d0c1140a165ebe32cdd1a2dad49c1731fd

    • SHA256

      27490039a7551fc63470480c76f9c61a29fe38b9c877b335278739c8d5412782

    • SHA512

      187b3e29ffb5e132709825479c9131be4ceb8736c488161c5ddb10d716b64bd4c06d7c570e14b508f56e6370466f1bb5eebad897ccaf2de1c552ce6e7c2bbbfb

    • SSDEEP

      12288:/4wymABpXFdYopRyqUoeGN+t3+y8diXIpjD5nCypNxXdhMFM3xOwCnxTKWtrV9NP:NbOpXIoOaI9+NdiYpXBCyrxXsMhMmIN

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks