General

  • Target

    403407cefc4517ba2c675ef5967b20f485b8a0f9d176492e27c2c5d1d5725526

  • Size

    679KB

  • Sample

    220911-q3873sbfe7

  • MD5

    d66dea4ee4b108ec60e2892e04ee009a

  • SHA1

    829c6e9530ace96c13651448310a1c3d554b351e

  • SHA256

    403407cefc4517ba2c675ef5967b20f485b8a0f9d176492e27c2c5d1d5725526

  • SHA512

    ef228caacd2fe8a8a9c5d31d709f859e1a9371638aafab7e8d98a3ea026e9423c5228cffc52b17d448ee3ace0b347ac4ccbad91b25e9c3542bcd3076ef56c5ae

  • SSDEEP

    12288:fTbgFqmIJPmlgJ6Os2PrpCgSqHFcHkneLzMbNy5DVfx0SyZAEXkJX45QPLECpY7s:fTkFtIJPmy0Os2PtOqlcsoMb43xZaXSB

Malware Config

Extracted

Family

socelars

C2

https://dfgrthres.s3.eu-west-3.amazonaws.com/asdhs909/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks