General

  • Target

    8ae9f4c47ad8ae96cdd24215d1a0c2ea.bin

  • Size

    723KB

  • Sample

    230120-q293zsfh8w

  • MD5

    14aae6126674e73d43afa943baeb8639

  • SHA1

    4c9cf1b67a51c5c5084736f716335fb5d65089d9

  • SHA256

    e6718df0346a1311f09ab20d03f7e48c1cdd8eddfa0afa34573cf5500c104248

  • SHA512

    4cb7ccc53d2ed45ecb4aa8b9549908a58728a8b44f6a3f8bca04bd60bc52ff3750a2002106f28035f27681c972906c23cffa7852aef62800d4bb688736ff69af

  • SSDEEP

    12288:wHXpYUEUgNfj9zwuGFZIDznSfUJtJweJG9+WijdC5ubnA5TRvoGOzoEWr4eKM:pqgNbl5aZIfScJTweG9L75ur41vfM1WL

Malware Config

Extracted

Family

socelars

C2

https://hdbywe.s3.us-west-2.amazonaws.com/adwwe09/
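The C2 above lives in an Amazon S3 bucket, so the only specific parts of the indicator are the bucket hostname and the path; the amazonaws.com apex is shared with legitimate traffic and cannot be blocked. The Python below, an added example and not part of this report or of any sandbox tooling, turns the extracted URL into a host+path indicator and runs it over a few constructed proxy log lines (the log format, client addresses and timestamps are assumed for illustration). It grades each hit: host and path both match, or host only, the latter being all a proxy sees for a TLS CONNECT because the request path is encrypted.

```python
"""Match proxy log lines against the Socelars C2 URL extracted in the report."""
from urllib.parse import urlsplit

# C2 URL from the report's extracted Socelars config.
C2_URL = "https://hdbywe.s3.us-west-2.amazonaws.com/adwwe09/"

# Constructed proxy log lines for this example (not from the report). Assumed format:
# <timestamp> <client_ip> <method> <url or host:port for CONNECT> <status>
SAMPLE_PROXY_LOG = """\
2023-01-20T10:02:11Z 10.0.0.5 GET https://hdbywe.s3.us-west-2.amazonaws.com/adwwe09/cfg.txt 200
2023-01-20T10:02:15Z 10.0.0.5 GET https://HDBYWE.s3.us-west-2.amazonaws.com/other/payload.bin 200
2023-01-20T10:03:01Z 10.0.0.9 GET https://docs.aws.amazon.com/s3/index.html 200
2023-01-20T10:03:40Z 10.0.0.9 GET https://mybucket.s3.us-west-2.amazonaws.com/releases/app.exe 200
2023-01-20T10:04:02Z 10.0.0.7 CONNECT hdbywe.s3.us-west-2.amazonaws.com:443 200
"""


def c2_indicator(url):
    """Reduce a C2 URL to (hostname, path prefix).

    The hostname embeds the bucket name, which is the attacker-controlled,
    specific part; the path narrows it further. Never reduce this to the
    apex domain (amazonaws.com), which is shared infrastructure.
    """
    parts = urlsplit(url)
    return parts.hostname.lower(), parts.path or "/"


def parse_target(method, target):
    """Return (host, path) for a log entry; path is None for CONNECT tunnels,
    where the proxy only sees the destination host:port, not the URL."""
    if method == "CONNECT":
        host, _, _port = target.rpartition(":")
        return host.lower(), None
    parts = urlsplit(target)
    return (parts.hostname or "").lower(), (parts.path or "/")


def classify(host, path, indicator):
    """Grade a request against the indicator: 'high' when bucket host and
    path prefix both match, 'medium' when only the bucket host matches
    (different object, or path hidden inside TLS), None otherwise."""
    ind_host, ind_path = indicator
    if host != ind_host:
        return None
    if path is None or not path.startswith(ind_path):
        return "medium"
    return "high"


def scan_proxy_log(text, c2_url=C2_URL):
    """Return one hit dict per log line that reaches the C2 bucket."""
    indicator = c2_indicator(c2_url)
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than crash the scan
        _ts, client, method, target, _status = fields
        host, path = parse_target(method, target)
        confidence = classify(host, path, indicator)
        if confidence:
            hits.append({"line": lineno, "client": client, "host": host,
                         "path": path, "confidence": confidence})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

Lines 3 and 4 of the constructed log are not reported even though both are AWS traffic and line 4 is another S3 bucket in the same region: that is the point of matching on the bucket hostname rather than the shared domain. Line 5 is a CONNECT tunnel, so the match is on the host alone and is graded lower; if your proxy logs SNI or does TLS inspection, the same host+path check applies to the decrypted request.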

Targets

    • Target

      332569403e02781f3b8148bd05ab7ee1714e14c8e703beae24a63daa6bcf165a.exe

    • Size

      1.4MB

    • MD5

      8ae9f4c47ad8ae96cdd24215d1a0c2ea

    • SHA1

      a9d64d5cbb885f9ee686be3db55dcab9c0b4e1a2

    • SHA256

      332569403e02781f3b8148bd05ab7ee1714e14c8e703beae24a63daa6bcf165a

    • SHA512

      bc68f7c4814d93fffb1d505eb2f35e777eea514f612b4414644a3c394b3ecc38f62d3cf7213f0068cad26bac5fb1a0fbf522d1b5c68cc39096055f9c7cff5209

    • SSDEEP

      24576:FJSLpwfVWRh0SGQ48Lm2194mKa4qrNdW9NTPjaVnqBKl:Fup62ESMTjTPjadq8l

    • Socelars

      Socelars is an infostealer that harvests browser cookies and saved credit card details.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data such as saved credentials, cookies and autofill entries, including saved payment cards.

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 is an Amazon S3 bucket URL; alert or block on the full bucket hostname and path rather than on the shared amazonaws.com domain, which also carries legitimate traffic.
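The "Reads user/profile data of web browsers" and "Executes dropped EXE" behaviours above are the host-side signal for this sample. The Python below is an added example, not part of this report or of the sandbox that produced it: it runs a simple detection over constructed file-access events (process image plus target file, the shape one would get from Windows object-access auditing or EDR file-read telemetry; the event layout, user name, profile names and the dropped file's name are all assumed). It flags any process other than a browser binary in its expected install location that reads a browser credential, cookie or payment-data store, and raises severity when the reader runs from a user-writable directory or touches more than one store, which is the Socelars pattern of cookies plus credit card data.

```python
"""Flag non-browser processes reading browser credential, cookie and payment stores."""
import ntpath
from collections import defaultdict

# Profile directory markers (lower-case, backslash separated) for common browsers.
PROFILE_MARKERS = (
    "\\google\\chrome\\user data\\",
    "\\microsoft\\edge\\user data\\",
    "\\bravesoftware\\brave-browser\\user data\\",
    "\\mozilla\\firefox\\profiles\\",
)

# File names of the stores an infostealer goes after, keyed in lower case.
ARTIFACTS = {
    "login data": "saved credentials (Chromium)",
    "cookies": "cookies (Chromium)",
    "web data": "autofill and payment cards (Chromium)",
    "logins.json": "saved credentials (Firefox)",
    "cookies.sqlite": "cookies (Firefox)",
    "key4.db": "password database key (Firefox)",
}

BROWSER_BINARIES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
# A browser is only trusted when it also runs from an install location; a
# stealer named chrome.exe in %TEMP% must not pass a name-only allowlist.
TRUSTED_BINARY_DIRS = (
    "\\program files\\",
    "\\program files (x86)\\",
    "\\appdata\\local\\google\\chrome\\application\\",
)
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")


def browser_artifact(path):
    """Return a description if `path` is a known browser secret store, else None."""
    p = path.lower()
    if not any(marker in p for marker in PROFILE_MARKERS):
        return None
    return ARTIFACTS.get(ntpath.basename(p))


def is_trusted_browser(image):
    """True only for a browser binary name running from an expected install directory."""
    p = image.lower()
    return ntpath.basename(p) in BROWSER_BINARIES and any(d in p for d in TRUSTED_BINARY_DIRS)


def in_user_writable_dir(image):
    """True when the process image lives where a dropper would write it."""
    return any(d in image.lower() for d in USER_WRITABLE_DIRS)


def detect_browser_data_reads(events):
    """Return alerts for every read of a browser secret store by an untrusted process.

    Severity is 'high' when the reader runs from a user-writable directory or
    reads more than one kind of store, 'medium' otherwise.
    """
    kinds_per_process = defaultdict(set)
    alerts = []
    for ev in events:
        artifact = browser_artifact(ev["target"])
        if artifact is None or is_trusted_browser(ev["image"]):
            continue
        kinds_per_process[ev["image"]].add(artifact)
        alerts.append({"image": ev["image"], "target": ev["target"], "artifact": artifact})
    for alert in alerts:
        escalate = len(kinds_per_process[alert["image"]]) >= 2 or in_user_writable_dir(alert["image"])
        alert["severity"] = "high" if escalate else "medium"
    return alerts


# Constructed events for this example (assumed user, paths and dropped-file name).
DROPPED = "C:\\Users\\alice\\AppData\\Local\\Temp\\dropped.exe"
CHROME_PROFILE = "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\"
FIREFOX_PROFILE = "C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1y2z3.default-release\\"
SAMPLE_EVENTS = [
    {"image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "target": CHROME_PROFILE + "Login Data"},
    {"image": DROPPED, "target": CHROME_PROFILE + "Network\\Cookies"},
    {"image": DROPPED, "target": CHROME_PROFILE + "Web Data"},
    {"image": DROPPED, "target": FIREFOX_PROFILE + "cookies.sqlite"},
    {"image": "C:\\Windows\\explorer.exe", "target": "C:\\Users\\alice\\Documents\\report.docx"},
    {"image": "C:\\Users\\alice\\AppData\\Local\\Temp\\chrome.exe", "target": CHROME_PROFILE + "Login Data"},
]

if __name__ == "__main__":
    for alert in detect_browser_data_reads(SAMPLE_EVENTS):
        print(alert["severity"], alert["image"], "->", alert["artifact"])
```

The first constructed event (real Chrome reading its own Login Data) is suppressed, the dropped executable in %TEMP% produces three high-severity alerts, and the last event shows why the allowlist checks the install path as well as the name: a binary called chrome.exe in %TEMP% is still reported. In production, add a signer check to the trust test and feed the process image into the "Executes dropped EXE" logic of your EDR so the two behaviours correlate on the same process.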

MITRE ATT&CK Enterprise v6

Tasks