General

  • Target

    f8fd8d27d1095acc5eb426d194f48648.bin

  • Size

    723KB

  • Sample

    230117-kcr8zsgh7x

  • MD5

    391be568fc8bdabcbd8bddee7c7a3963

  • SHA1

    ae4f6017d19eb2b5f45acae5662ffcb9b69661e3

  • SHA256

    76b8efb32f9fe106dc0ec1170f2c71fe8296cddad8d56ef2572be3f334487a94

  • SHA512

    61d349b386a9de8cd00888ed3e18db1ca62a16f1c4d6e0fd33c4b228951f759d8bb8e1fb5e59309092c0bbfbc495cac6fccdeca2fc0a4bfb0fc957c7a25ca3aa

  • SSDEEP

    12288:2rTOw5WHXsB0QzeFdIBkJS2lbEMQ9TnvhnpKWA5OUwO+xOBhnTafC1fZuwGXRbgC:6n5W36zeF542loMQ9jJnJxbOggsfaZuF

Malware Config

Extracted

Family

socelars

C2

https://hdbywe.s3.us-west-2.amazonaws.com/sadffew26/

Targets

    • Target

      6a2666e2568c70f1ae4616fb5400aefd1d2c1716b0f02d0bac2c9b1d9e41babc.exe

    • Size

      1.4MB

    • MD5

      f8fd8d27d1095acc5eb426d194f48648

    • SHA1

      28616d148b0e01394538873acad076d6e663878b

    • SHA256

      6a2666e2568c70f1ae4616fb5400aefd1d2c1716b0f02d0bac2c9b1d9e41babc

    • SHA512

      bec8fa58c1c379fd60bce53fcfd007db19ff812f0fd0e526d3cfdcfb8f83278f0734e9088b4e14d9aa4b1f94737045a9a7680db195038cca89f8f93404ac1da5

    • SSDEEP

      24576:jJSLpwfVWRh0SGQ48Lm2194mKa4qrNdW9NTPjaZWqBXbE:jup62ESMTjTPjakq1Q

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks