General

  • Target

    e646024441167df16bc4168059c6b527c9e07a4ddf63daac8054a3a2a75b46ef

  • Size

    723KB

  • Sample

    220913-dvnvyseeg9

  • MD5

    25d499b18d8282d7cc5c98cc8a7caea7

  • SHA1

    b9fd167582a3209245c2cd60bd36d34d5486bda7

  • SHA256

    e646024441167df16bc4168059c6b527c9e07a4ddf63daac8054a3a2a75b46ef

  • SHA512

    e19a07e3a65c92d53608aeb606ebeb479b8d8bfdae74b2ffd678dd94b1fe9000f539f676c1be8edad488f8da089e987a504bcfa3a1e0aec52a7a1a30b98fbe4c

  • SSDEEP

    12288:uyhveJM56XGvHq/xrJwUXD/vesjnOf3eMthkBtk:uEgXnreUT/veWOP3Itk

Malware Config

  • Extracted

    Family: socelars

    C2: https://dfgrthres.s3.eu-west-3.amazonaws.com/asdhs909/

Targets

    • Target

      e646024441167df16bc4168059c6b527c9e07a4ddf63daac8054a3a2a75b46ef

    • Size

      723KB

    • MD5

      25d499b18d8282d7cc5c98cc8a7caea7

    • SHA1

      b9fd167582a3209245c2cd60bd36d34d5486bda7

    • SHA256

      e646024441167df16bc4168059c6b527c9e07a4ddf63daac8054a3a2a75b46ef

    • SHA512

      e19a07e3a65c92d53608aeb606ebeb479b8d8bfdae74b2ffd678dd94b1fe9000f539f676c1be8edad488f8da089e987a504bcfa3a1e0aec52a7a1a30b98fbe4c

    • SSDEEP

      12288:uyhveJM56XGvHq/xrJwUXD/vesjnOf3eMthkBtk:uEgXnreUT/veWOP3Itk

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks