General

  • Target

    0a92aec8644b6bdcda675725300b2d3cc9ed0298c28b27c96d126256a9644be1.exe

  • Size

    1.4MB

  • Sample

    221201-x8swlsge31

  • MD5

    b11d6882882f9f4accf31a308eae5611

  • SHA1

    74a867d3d0dd1e4e70da7e5850c569d58c373c2f

  • SHA256

    0a92aec8644b6bdcda675725300b2d3cc9ed0298c28b27c96d126256a9644be1

  • SHA512

    07d075202ff2fc1775e9967c7f9db287756e68866ab7aeb13de0b8edee562fbd5b394098726a26b052c4483d721bbcd2ea6930e7e583140c21f36369fb056fe7

  • SSDEEP

    24576:gJSLpwfVWRh0SGQ48Lm2194mKa4qrNdW9NTPjaFuqByQ:gup62ESMTjTPja8q8Q

Malware Config

Extracted

Family

socelars

C2

https://hdbywe.s3.us-west-2.amazonaws.com/sauydga27/

Targets

    • Target

      0a92aec8644b6bdcda675725300b2d3cc9ed0298c28b27c96d126256a9644be1.exe

    • Size

      1.4MB

    • MD5

      b11d6882882f9f4accf31a308eae5611

    • SHA1

      74a867d3d0dd1e4e70da7e5850c569d58c373c2f

    • SHA256

      0a92aec8644b6bdcda675725300b2d3cc9ed0298c28b27c96d126256a9644be1

    • SHA512

      07d075202ff2fc1775e9967c7f9db287756e68866ab7aeb13de0b8edee562fbd5b394098726a26b052c4483d721bbcd2ea6930e7e583140c21f36369fb056fe7

    • SSDEEP

      24576:gJSLpwfVWRh0SGQ48Lm2194mKa4qrNdW9NTPjaFuqByQ:gup62ESMTjTPja8q8Q

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Tasks