socelars | c7bb8ef7307caaf62d84ab706dfb41059ee39bc345cfc49b2b60ff70f0f4a240 | Triage

Sharing

General

Target

1JATLV2V.zip
Size

702KB
Sample

230214-1l7yssfh9z
MD5

9432576b7508d5eaca738572ab453f7e
SHA1

998e2447c44f0d273169c0411854ce7c36c7d249
SHA256

c7bb8ef7307caaf62d84ab706dfb41059ee39bc345cfc49b2b60ff70f0f4a240
SHA512

7e53a3f31fb06d594da153e559b686574e208d6e131a7f247941562a1e181717c1d72c1bed57ad5694daf002ce30ae9ff2bfd79c29d62d9d969ea64797061ce4
SSDEEP

12288:V7/hizi33/pys9MIBIGReXfLDbyjmnWjwChRHfQf9U9Shvy0xekEh:VL3/pyZPOeXfemWjX3mU9JZh

Score

10^/10

socelars spyware stealer

Malware Config

Extracted

Family

socelars

C2

https://hdbywe.s3.us-west-2.amazonaws.com/dweg26/

Targets

- Target
  
  1JATLV2V.zip
- Size
  
  702KB
- MD5
  
  9432576b7508d5eaca738572ab453f7e
- SHA1
  
  998e2447c44f0d273169c0411854ce7c36c7d249
- SHA256
  
  c7bb8ef7307caaf62d84ab706dfb41059ee39bc345cfc49b2b60ff70f0f4a240
- SHA512
  
  7e53a3f31fb06d594da153e559b686574e208d6e131a7f247941562a1e181717c1d72c1bed57ad5694daf002ce30ae9ff2bfd79c29d62d9d969ea64797061ce4
- SSDEEP
  
  12288:V7/hizi33/pys9MIBIGReXfLDbyjmnWjwChRHfQf9U9Shvy0xekEh:VL3/pyZPOeXfemWjX3mU9JZh
Score

1^/10
behavioral1 behavioral2
- Target
  
  NagTracking[1].htm
- Size
  
  178B
- MD5
  
  bd2695f4b079c71dbddde3436286fb9c
- SHA1
  
  733c05da132193d6cf1d8e242d12e2525c03bab4
- SHA256
  
  2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
- SHA512
  
  5b73af24d095f7593026d3f211da6775d91c2efb5cdb0e0258ccca8edd3f8645cdf80d8338c863794d260f4bca08637233be3548d83e7225518dee2f47560798
Score

1^/10
behavioral3 behavioral4
- Target
  
  NagTracking[2].htm
- Size
  
  178B
- MD5
  
  bd2695f4b079c71dbddde3436286fb9c
- SHA1
  
  733c05da132193d6cf1d8e242d12e2525c03bab4
- SHA256
  
  2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
- SHA512
  
  5b73af24d095f7593026d3f211da6775d91c2efb5cdb0e0258ccca8edd3f8645cdf80d8338c863794d260f4bca08637233be3548d83e7225518dee2f47560798
Score

1^/10
behavioral5 behavioral6
- Target
  
  getipaddress[1].htm
- Size
  
  178B
- MD5
  
  bd2695f4b079c71dbddde3436286fb9c
- SHA1
  
  733c05da132193d6cf1d8e242d12e2525c03bab4
- SHA256
  
  2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
- SHA512
  
  5b73af24d095f7593026d3f211da6775d91c2efb5cdb0e0258ccca8edd3f8645cdf80d8338c863794d260f4bca08637233be3548d83e7225518dee2f47560798
Score

1^/10
behavioral7 behavioral8
- Target
  
  handdiy_4[1].exe
- Size
  
  1.4MB
- MD5
  
  48d5a5b590d2c7542893a54ff3b7a3f2
- SHA1
  
  cfe9ac380166b4e1fe0f76fb5f0438c4866c4411
- SHA256
  
  9afa9957656afbed14bedf108cd70765a3bec19394607f26f40dd576ca3f2518
- SHA512
  
  7f021b3fc9426d8c762f861837d3d721f9bc83b9ecdaa4920d8b4f3aee1e67f8ddd246c927d71b445186a33cca95f53daf9ba517bd638ce2f544860e2a8e8f05
- SSDEEP
  
  24576:qkcFpATU9Sz4OGu9Tcl2wkQcUJsqrN8X1B0vPXROKppgtiC:qxpjqnnZn+vPXgIpSiC
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9
- Target
  
  plus[1].htm
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12