General

  • Target: 8ea30624b10547e6fcac167721dbc7c2.bin
  • Size: 723KB
  • Sample: 230120-q3ptfaba42
  • MD5: 2a8f52f48c49752836f03de28ddb6dcd
  • SHA1: f91e23c36811af50180f6a12b9c43d62eb718fd6
  • SHA256: 1075584d25d97cc57533571e9f55327a37137f6f5e493ba6491b783965b64be8
  • SHA512: 9cde9990136a896780b4ae00b127a477cb95a32d57101d5b2be11d89a4f84464b19436894b0e0e9a32ac310242ab6d34c9d01fdc48837eed6b0c767fd3ac7885
  • SSDEEP: 12288:WwDl6ZchbX8FXb1HvzGNh0jmseiMqK3ypTLFZSAwmRKRNZp4RaDlGvxna8ztnPFp:Wi62bMzvEh3NqK3yBvSAwwA4rJtztPFp

Malware Config

Extracted

  • Family: socelars
  • C2: https://hdbywe.s3.us-west-2.amazonaws.com/adwwe09/

Targets

    • Target: c8d105203dd6677d75ecbaf5c3e09fa51690ff27a0d25230ce4b49a8221e06d1.exe
    • Size: 1.4MB
    • MD5: 8ea30624b10547e6fcac167721dbc7c2
    • SHA1: 981149695b44b25f4d0afb05d336456a675803a4
    • SHA256: c8d105203dd6677d75ecbaf5c3e09fa51690ff27a0d25230ce4b49a8221e06d1
    • SHA512: 83a99056e51401296c81ef8444a5c218d6cbb3218f3a93d2e218c5ed898e136543584b071128fbed1424654cdb3982b676fd0bb41e71419ac5821dceaf8ad5cb
    • SSDEEP: 24576:VJSLpwfVWRh0SGQ48Lm2194mKa4qrNdW9NTPjaRNqB6l:Vup62ESMTjTPjarqMl

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks