General

  • Target: d235a8dc876fd9cfd85bc4eda30c02b1a15935a97525328d82dac766b3e002a1
  • Size: 723KB
  • Sample: 220913-dw49bsachp
  • MD5: f7d97c609b5eacb5c5d0595d2c869139
  • SHA1: e7b8ede99dd7a1636ef0a3a1142bcbc63557b868
  • SHA256: d235a8dc876fd9cfd85bc4eda30c02b1a15935a97525328d82dac766b3e002a1
  • SHA512: 8a1b6c0a5749f1ecd71180cc3ed6f14ccb7ad0bc9ada9eef9e51faa4c8bcf4cf3789a393dc8ba645cb9bf176b765fa86d6b9cf399c5213d8607f51dbad2d782a
  • SSDEEP: 12288:0yhveJM56XGvHq/xrJwUXD/vesjnOfnF4BDquU3BEk:0EgXnreUT/veWOWBGgk

Malware Config

Extracted

  • Family: socelars
  • C2: https://dfgrthres.s3.eu-west-3.amazonaws.com/asdhs909/

Targets


    • Socelars: Socelars is an infostealer targeting browser cookies and credit card credentials.
    • Socelars payload
    • Executes dropped EXE
    • UPX packed file: Detects executables packed with UPX or a modified build of the UPX open-source packer.
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
    • Legitimate hosting services abused for malware hosting/C2
