socelars | 55fc7e624b75a66d04ed1dfc8d6957ceb013db94e9be29e779280378011d1399 | Triage

Submit
Reports

Overview

overview

Static

static

7908fc0070...ae.exe

windows7-x64

7908fc0070...ae.exe

windows10-2004-x64

Sharing

General

Target

7908fc00709580c4e12534bcd7ef8aae
Size

1.4MB
Sample

231219-w8w3lagfa2
MD5

7908fc00709580c4e12534bcd7ef8aae
SHA1

616616595f65c8fdaf1c5f24a4569e6af04e898f
SHA256

55fc7e624b75a66d04ed1dfc8d6957ceb013db94e9be29e779280378011d1399
SHA512

0d5a72410d628d3bf6ff9188a69f378e04184ed603a620659f4084bd8a5a392577849c5aa895706eec5213b0036d24faafb8e153b458b5f53d8da7ce636b7a00
SSDEEP

24576:CxpXPaR2J33o3S7P5zuHHOF2CxfehMHsGKzOYCMEMfX4QZ1XSlqOR:ipy+VDi8rgHfX4QZhSnR

Score

10^/10

socelars discovery spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

7908fc00709580c4e12534bcd7ef8aae.exe

Resource

win7-20231215-en

socelars discovery spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7908fc00709580c4e12534bcd7ef8aae.exe

Resource

win10v2004-20231215-en

socelars spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.hbgents.top/

http://www.rsnzhy.com/

http://www.znsjis.top/

Targets

- Target
  
  7908fc00709580c4e12534bcd7ef8aae
- Size
  
  1.4MB
- MD5
  
  7908fc00709580c4e12534bcd7ef8aae
- SHA1
  
  616616595f65c8fdaf1c5f24a4569e6af04e898f
- SHA256
  
  55fc7e624b75a66d04ed1dfc8d6957ceb013db94e9be29e779280378011d1399
- SHA512
  
  0d5a72410d628d3bf6ff9188a69f378e04184ed603a620659f4084bd8a5a392577849c5aa895706eec5213b0036d24faafb8e153b458b5f53d8da7ce636b7a00
- SSDEEP
  
  24576:CxpXPaR2J33o3S7P5zuHHOF2CxfehMHsGKzOYCMEMfX4QZ1XSlqOR:ipy+VDi8rgHfX4QZhSnR
Score

10^/10

socelars discovery spyware stealer
- Socelars
  Socelars is an infostealer targeting browser cookies and credit card credentials.
  stealer socelars
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

socelarsdiscoveryspywarestealer

behavioral2

socelarsspywarestealer

© 2018-2025

Terms | Privacy