General

  • Target

    c0d181d86bc83c6fb9d4d63d1b468043.bin

  • Size

    604KB

  • Sample

    230116-2frkasae2v

  • MD5

    3689c7c22a825814e112a7a08a867f6c

  • SHA1

    6e45fbf8ac552e061a14803c3d8859490df19024

  • SHA256

    eb90c0cf7ff51a1b62be32f87c9c2e71baed3aef4a55e60380c9531ded629777

  • SHA512

    7c69eb891172b23fc6d7ee4d3e14940e158ea6f7eaa05e1d0a70176b35a3a7362595fd2f2df21c374b920e4f980bbff2e6a8e780a7d53a2672877011ca5ba2a8

  • SSDEEP

    12288:m+MvlUkS0wA4Bzm6nUqMpfW3LwkAR/tKnlqG7qxTje5RBqtLDNg8wFXIHZWhqL:ivQxA4zU2pAR/y7NGtNWFVqL

Malware Config

Extracted

  • Family

    socelars

  • C2

    https://hdbywe.s3.us-west-2.amazonaws.com/wduwe19/

Targets

    • Target

      caf74292c323c1938f0b074f4cdbb3a46449427915b05023e0142ecb9ff52dea.exe

    • Size

      675KB

    • MD5

      c0d181d86bc83c6fb9d4d63d1b468043

    • SHA1

      a3259aff0cf014a506d0eacf02cca9954523b1b0

    • SHA256

      caf74292c323c1938f0b074f4cdbb3a46449427915b05023e0142ecb9ff52dea

    • SHA512

      5e75e9fcf86f2e3710132fe82afa582a247d1e4810177a2a23c628fd50e5922db37df93a57f1807f11f4d8d48b124600ff7cc04dffa97bb5d24a8398957a1f87

    • SSDEEP

      12288:eqlMhfymUyZzk8ri+hcGgn9cJBJYGahyHY2oSjPWCBzZ68:e5kxyZFe+hcGEXGwiY2jy6Z

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks