Overview

overview

10

Static

static

10

1450995da3...86.exe

windows7-x64

7

1450995da3...86.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1450995da3e809485bdbcedc9dca993658b60e14da3f66cb537da66f5f7b2286

  • Size

    1.4MB

  • Sample

    230828-ndq9vsdc5v

  • MD5

    3fb4282433757b0fd85422f5ee79be8c

  • SHA1

    842a54e99d239434d33980e1d7d560d4e886de94

  • SHA256

    1450995da3e809485bdbcedc9dca993658b60e14da3f66cb537da66f5f7b2286

  • SHA512

    e1a718d9fc30846cdac953b1fc71817608f7937e0488015dcc44b3caf27b5576170922d947f877ef0bf899f609fb9f614c9ea4f1a499f24ac12838e8c895767a

  • SSDEEP

    24576:VRp2fYlh5hJYrsWSlTeTmvL26IZX8W6jO2okW1negMEwpVON:Hp1v1ji5jtF1nQ3pcN

Score
10/10
socelarsspywarestealer

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.hbgents.top/

http://www.rsnzhy.com/

http://www.znsjis.top/

Targets

    • Target

      1450995da3e809485bdbcedc9dca993658b60e14da3f66cb537da66f5f7b2286

    • Size

      1.4MB

    • MD5

      3fb4282433757b0fd85422f5ee79be8c

    • SHA1

      842a54e99d239434d33980e1d7d560d4e886de94

    • SHA256

      1450995da3e809485bdbcedc9dca993658b60e14da3f66cb537da66f5f7b2286

    • SHA512

      e1a718d9fc30846cdac953b1fc71817608f7937e0488015dcc44b3caf27b5576170922d947f877ef0bf899f609fb9f614c9ea4f1a499f24ac12838e8c895767a

    • SSDEEP

      24576:VRp2fYlh5hJYrsWSlTeTmvL26IZX8W6jO2okW1negMEwpVON:Hp1v1ji5jtF1nQ3pcN

    Score
    7/10
    spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops Chrome extension

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks