General

  • Target

    b30d0a4d141676b9f710333bca0523d5167cda1381c288aaf0b14f4f0afb6700

  • Size

    1.4MB

  • Sample

    230404-w5s7jabb4w

  • MD5

    fa82f3a118b758e6253a9082624a2367

  • SHA1

    5615c1ae97da5274844eec984d1801b59a2475bd

  • SHA256

    b30d0a4d141676b9f710333bca0523d5167cda1381c288aaf0b14f4f0afb6700

  • SHA512

    5f975a1993780cfff740f0e961cc9f6eb5fd132c9c93507088bc7dfde3eb395945686c5f707dd3918d054cfedbdec09e83ba57f92f117473c47321c5b2353e6c

  • SSDEEP

    24576:84UpDMuCSO5T9iKvkK1dA97hfNpZZ06nlvmp78nLBXzPeu67:QplyTv1gpJk98nLBXz2x7

Malware Config

Extracted

Family

socelars

C2

http://www.kvubgc.com/

Targets

    • Target

      b30d0a4d141676b9f710333bca0523d5167cda1381c288aaf0b14f4f0afb6700

    • Size

      1.4MB

    • MD5

      fa82f3a118b758e6253a9082624a2367

    • SHA1

      5615c1ae97da5274844eec984d1801b59a2475bd

    • SHA256

      b30d0a4d141676b9f710333bca0523d5167cda1381c288aaf0b14f4f0afb6700

    • SHA512

      5f975a1993780cfff740f0e961cc9f6eb5fd132c9c93507088bc7dfde3eb395945686c5f707dd3918d054cfedbdec09e83ba57f92f117473c47321c5b2353e6c

    • SSDEEP

      24576:84UpDMuCSO5T9iKvkK1dA97hfNpZZ06nlvmp78nLBXzPeu67:QplyTv1gpJk98nLBXz2x7

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks