socelars | 04b6f3963ed68d98769263abdbd60560e8b8fef00b5c5b5dec1c0476a74aa135 | Triage

Submit
Reports

Overview

overview

Static

static

04b6f3963e...35.exe

windows7-x64

04b6f3963e...35.exe

windows10-2004-x64

Sharing

General

Target

04b6f3963ed68d98769263abdbd60560e8b8fef00b5c5b5dec1c0476a74aa135
Size

697KB
Sample

230810-knxb3sdb7z
MD5

e30da47c23c3d8303567bec86fc347e7
SHA1

524eb1363a2ad19322bb7d234ba32182e2a7e1e6
SHA256

04b6f3963ed68d98769263abdbd60560e8b8fef00b5c5b5dec1c0476a74aa135
SHA512

38039dcd3f5a787334eff8cf3e6d2b17063f043f7d44ae843c7d2cb22eefa91d444d6e4cdbc038a75cef028bb7480b96b101e3ae5091a60871cfbfed5629d62c
SSDEEP

12288:5h3OO//rLMPou0reXiajlz3u+pPuq9klVFOkvP5coCIWvPkGypBU9tSqSrJn1tdF:5lOOnPDu0rebZF2q9klV4+CoCJvcb09E

Score

10^/10

socelars spyware stealer upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

04b6f3963ed68d98769263abdbd60560e8b8fef00b5c5b5dec1c0476a74aa135.exe

Resource

win7-20230712-en

socelars spyware stealer upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

04b6f3963ed68d98769263abdbd60560e8b8fef00b5c5b5dec1c0476a74aa135.exe

Resource

win10v2004-20230703-en

socelars spyware stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.wygexde.xyz/

Targets

- Target
  
  04b6f3963ed68d98769263abdbd60560e8b8fef00b5c5b5dec1c0476a74aa135
- Size
  
  697KB
- MD5
  
  e30da47c23c3d8303567bec86fc347e7
- SHA1
  
  524eb1363a2ad19322bb7d234ba32182e2a7e1e6
- SHA256
  
  04b6f3963ed68d98769263abdbd60560e8b8fef00b5c5b5dec1c0476a74aa135
- SHA512
  
  38039dcd3f5a787334eff8cf3e6d2b17063f043f7d44ae843c7d2cb22eefa91d444d6e4cdbc038a75cef028bb7480b96b101e3ae5091a60871cfbfed5629d62c
- SSDEEP
  
  12288:5h3OO//rLMPou0reXiajlz3u+pPuq9klVFOkvP5coCIWvPkGypBU9tSqSrJn1tdF:5lOOnPDu0rebZF2q9klV4+CoCJvcb09E
Score

10^/10

socelars spyware stealer upx
- Socelars
  Socelars is an infostealer targeting browser cookies and credit card credentials.
  stealer socelars
- Socelars payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socelarsspywarestealerupx

behavioral2

socelarsspywarestealerupx

© 2018-2024

Terms | Privacy