General

  • Target

    5e03548656da3a6392b276e362cb6c4d.bin

  • Size

    723KB

  • Sample

    230116-y9lz5ada76

  • MD5

    22544dc909fb4ce047adba84d97e5672

  • SHA1

    61ac4fb62eeb74015e25ebf535c51bd174462bbb

  • SHA256

    9ce57ec743c8b9f4cb04ee02583135262807040d48704a7bd325a37561a81658

  • SHA512

    5d4ef84fbdf7c90a4ded5e01f72cf7fb96d676127c5a0f43c2ff02bcf42cfc9e6052c6e695eb46a6e9d9262070876fd1f20cb915e1503f43d9ef2b1ecd88e27b

  • SSDEEP

    12288:VyvyogF36vi2mb3pblKMNU5DzN2qbTASNdKou/9KQSY9hAwqsivbce:VyFgKmbNlKsUBN9TA+7u/9KRxAe

Malware Config

Extracted

  • Family

    socelars

  • C2

    https://hdbywe.s3.us-west-2.amazonaws.com/sadffew26/

Targets

    • Target

      60d11fb3b97ad05b88c50df1cd9120bc151853e55169ee990af5a906a80b878d.exe

    • Size

      1.4MB

    • MD5

      5e03548656da3a6392b276e362cb6c4d

    • SHA1

      64956373aad97885f8d97e493e2427a98fe13557

    • SHA256

      60d11fb3b97ad05b88c50df1cd9120bc151853e55169ee990af5a906a80b878d

    • SHA512

      a85ec6305a7fc4293f60fdbb99be344cd9e7adf38002663105919bc2b62393f6185624ce1175cb87027ca59bb90bdf4a412701d32164e8c48511a9a5551b1315

    • SSDEEP

      24576:FJSLpwfVWRh0SGQ48Lm2194mKa4qrNdW9NTPjapEqBvbE:Fup62ESMTjTPjamqtQ

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks