General

  • Target

    9b4d2558b8a5691f9742539136bc143e.bin

  • Size

    722KB

  • Sample

    230116-1jr5kadh75

  • MD5

    4dd888ae51a8bb33c54b2d34559bfa8b

  • SHA1

    f1823a2a8e6a2dadee5fd37a0a1501aae08c6515

  • SHA256

    95e827950fede71f5f5407408fc76cc6f8216940128235dff82229cd3d6c5338

  • SHA512

    3754bcc11790fb2da6afbef1c5ca99b177f77080b3d0558b196c70e27df1a2961fe2ee879e5d7a52869bea6a1bf4e8c3d595d6a0cabcf4348f625fe09b06b964

  • SSDEEP

    12288:LmMKdW8bPuaA4gFWf+JWAzVHpYK+Yod4ovyE5OiS0mAxPQ1OaGfbkBZrQPUqGRyK:YbBlmJWAZHkV4ovyEgyPM8eZrKUpj

Malware Config

Extracted

  • Family

    socelars

  • C2

    https://hdbywe.s3.us-west-2.amazonaws.com/wduwe19/

Targets

    • Target

      3bd59ff711c0fb028a6c245c12eaf719176a1c94100d7b2223bb4bbf7a3da8f4.exe

    • Size

      1.4MB

    • MD5

      9b4d2558b8a5691f9742539136bc143e

    • SHA1

      988bb4bb31b35fad52731e08e3b12cf47f4d9194

    • SHA256

      3bd59ff711c0fb028a6c245c12eaf719176a1c94100d7b2223bb4bbf7a3da8f4

    • SHA512

      7f03da079dff95284345fcca5c7d1b9fdc168ca967f000c415204e64be6dfda193f6dd8a3f53ae8e70281e8b1b437670fb459ad2042a79423cc39a6975019dfc

    • SSDEEP

      24576:pJSLpwfVWRh0SGQ48Lm2194mKa4qrNdW9NTPjahuqBYR:pup62ESMTjTPjaIqSR

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks