General

  • Target: 0957d93fdaa7cd5e3eaa0b5a044b0060.exe

  • Size: 675KB

  • Sample: 220911-rmaj9abga9

  • MD5: 0957d93fdaa7cd5e3eaa0b5a044b0060

  • SHA1: ba16844647ca63f9df6afe5c8b07bdeca651d40d

  • SHA256: 1e6efbb54a29348d688c7bb9b2c187807bbc880e151eb2c3c56324b919f1b85e

  • SHA512: fb6ac972e5443744b537387c75bdeddbf73b799c06f5d8746c4586e2f062e72c05cb45bd7b601f55d71aac7e6ee22fddbebe306297bdec9a4159865835cb221c

  • SSDEEP: 12288:NtyrRUMSRigC+9Cp0kDQUIXf8hrtOqjE6LNvEjWHnQqryAvadG+7sV8:NklULlkBIXf8VtrLvE9qrerU8

Malware Config

Extracted

Family

socelars

C2

https://dfgrthres.s3.eu-west-3.amazonaws.com/asdhs909/

Targets

    • Target: 0957d93fdaa7cd5e3eaa0b5a044b0060.exe

    • Size: 675KB

    • MD5: 0957d93fdaa7cd5e3eaa0b5a044b0060

    • SHA1: ba16844647ca63f9df6afe5c8b07bdeca651d40d

    • SHA256: 1e6efbb54a29348d688c7bb9b2c187807bbc880e151eb2c3c56324b919f1b85e

    • SHA512: fb6ac972e5443744b537387c75bdeddbf73b799c06f5d8746c4586e2f062e72c05cb45bd7b601f55d71aac7e6ee22fddbebe306297bdec9a4159865835cb221c

    • SSDEEP: 12288:NtyrRUMSRigC+9Cp0kDQUIXf8hrtOqjE6LNvEjWHnQqryAvadG+7sV8:NklULlkBIXf8VtrLvE9qrerU8

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks