General

  • Target

    4cebc317838f7c29e49e85c4fdae46a636b43fe1a5eb93b6af4e91b6ccb44bf6

  • Size

    752KB

  • Sample

    230313-jrt6fshb88

  • MD5

    10a8125c3e43b31e26ee6f4b9b65a548

  • SHA1

    bbe9109f18481b834f42d24288467342e571a899

  • SHA256

    1aefb39cdd24ab1697e1a86be98280c86e559b5cbfba736ee2981a4b17a1394c

  • SHA512

    7749fa7e6c779981194cf074dbffe923980d078381948c6bc5c75cc6957bc803b78428cc0ac7423af0776863ce5183251fc1a656b1607cef13ca49b2fec55d67

  • SSDEEP

    12288:XjCfB1FsqcA6WYp+4LQPwQnO3RaNXUcS3uEFQ2kN7LySbSq8nQU9XungNxvUoICc:XjCfB8q3YEaqwNBaNXTquEQN7req8np+

Malware Config

Extracted

Family

socelars

C2

https://hdbywe.s3.us-west-2.amazonaws.com/sadef33/

Targets

    • Target

      4cebc317838f7c29e49e85c4fdae46a636b43fe1a5eb93b6af4e91b6ccb44bf6

    • Size

      1.4MB

    • MD5

      a451f53ee83063ba1d7ca92d76b35f89

    • SHA1

      9c283e55e6d15f47106d65950253183f12a01ed9

    • SHA256

      4cebc317838f7c29e49e85c4fdae46a636b43fe1a5eb93b6af4e91b6ccb44bf6

    • SHA512

      b1d2f20c8b39b9fea14f7e10c3837c6836c3ef1eed042f4560b980f48311840e955785ce2c01c804edb77dc43e09e1e0ecd7fe0f3580d3689340d68c77fd6c05

    • SSDEEP

      24576:sVYkTpy0OVnKhXJ04BJFKA3wRKB7a9WscrmCqeQrEnG5hBthW:QpJOl8xFMRy/SeQgG5TDW

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Tasks