socelars | d0fed238df1b0482115b9828d6cc7a9f2b7b396eee530e7f76ae48bdae59436d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

fca0a82674...54.exe

windows7-x64

7

fca0a82674...54.exe

windows10-2004-x64

7

Sharing

General

Target

e5c68f7c04f147d6fb620a3ba2bf2c6c.bin
Size

753KB
Sample

230520-b9bstshf98
MD5

a196bd93530740799f7d90cc4d1b4d9c
SHA1

6a74ba22c5430794a641c589ee8c14db48c514db
SHA256

d0fed238df1b0482115b9828d6cc7a9f2b7b396eee530e7f76ae48bdae59436d
SHA512

6c42c787e855b7f5ac546e3218c30e9fe128d3b06af6c928bdfa8b1524d7945c5909163c869926064457f2ca15ca1b65c977b12a27df0de9c3146faca4debc57
SSDEEP

12288:D5uBZ9Wpagpu+eCO9duoh9NBTu37RpdEngVN8WmEjE+9ufWs11EYCG:NeWPexdu4Do3FDUgs7wESufWsjEYP

Score

10^/10

socelars spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

fca0a82674863619b79d6793e6164045d7f35482261c898dc903d07bd4ca9a54.exe

Resource

win7-20230220-en

spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fca0a82674863619b79d6793e6164045d7f35482261c898dc903d07bd4ca9a54.exe

Resource

win10v2004-20230220-en

spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

socelars

C2

https://hdbywe.s3.us-west-2.amazonaws.com/uysf428/

Targets

- Target
  
  fca0a82674863619b79d6793e6164045d7f35482261c898dc903d07bd4ca9a54.exe
- Size
  
  1.4MB
- MD5
  
  e5c68f7c04f147d6fb620a3ba2bf2c6c
- SHA1
  
  2ccd6c85287a40efac5b9855c9cf432f652f03ff
- SHA256
  
  fca0a82674863619b79d6793e6164045d7f35482261c898dc903d07bd4ca9a54
- SHA512
  
  04c0c7f4b178bf055c205de05e470c5edff393ee30775600f43fe44fb8a247f6a1f34dde0c2098441f025fa2bc3b614e51628fee7b3983c191c2f9ea0a189404
- SSDEEP
  
  24576:rGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRjL5hAST:apEUIvU0N9jkpjweXt77X5yK
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy