Extracted

Extracted

Extracted

Extracted

• • Target

    file.exe

  • Size

    380KB

  • MD5

    d4310c99d42ad36aed4679860c1c368b

  • SHA1

    547b0af6d1f0abcea19160d361c4f2e605c3b864

  • SHA256

    5531490b3951e8793cb6ee449f75d6fb0b5c1347d1197ccda7ff1b9b15cf9661

  • SHA512

    41b789467abb3758c50ba8c4410684cb204ccebdc7a972a9ed94b57d63c89352f1333e44ea0f4ca27aa1a29ed6d0ef32f4e4f336ac29ec9ec43256bbc270040c

  • SSDEEP

    6144:x/QiQXCvJm+ksmpk3U9jW1U4P9b4OGBfj/WUplm6zIOYQNd28pTXdAmpCLVRZogE:pQi3vs6m6URA3Ph4lL//plmW9bTXeVh8

  Score

  10^/10

  ffdroidergcleanersmokeloadersocelarspub2backdoorevasionloaderpersistencespywarestealertrojan

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Socelars

    Socelars is an infostealer targeting browser cookies and credit card credentials.

    stealersocelars

  • Socelars payload

  • Checks for common network interception software

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2