socelars | e5f67dca4decc6164f5fa50bb6343ee98ae743e6d04bfdb42d790feef2e4e565 | Triage

Sharing

General

Target

09bbb3e275b933030e970564ac22fe77
Size

1.4MB
Sample

231230-blv7kagcfr
MD5

09bbb3e275b933030e970564ac22fe77
SHA1

a26b0b1fa8085aba01f4215af7c3347ae5ebd53c
SHA256

e5f67dca4decc6164f5fa50bb6343ee98ae743e6d04bfdb42d790feef2e4e565
SHA512

9d2300c8aebab886310e97916bfb07e1858151eb88910c7d892b7c5519aaec6a2027ee6b8f46e76b121254ac95591d98bc5b0995b99d28d2a622fcb860d19be7
SSDEEP

24576:l8TJtpd95n1HCEei6gFT/L+V3F+kyRejskFL/whBZhnHo4Sad5RKrD0z2d2ew:6Jtpx1iErFrLK3F7QojUnHo4Sa0rD0ww

Score

10^/10

socelars discovery spyware stealer

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/

Targets

- Target
  
  09bbb3e275b933030e970564ac22fe77
- Size
  
  1.4MB
- MD5
  
  09bbb3e275b933030e970564ac22fe77
- SHA1
  
  a26b0b1fa8085aba01f4215af7c3347ae5ebd53c
- SHA256
  
  e5f67dca4decc6164f5fa50bb6343ee98ae743e6d04bfdb42d790feef2e4e565
- SHA512
  
  9d2300c8aebab886310e97916bfb07e1858151eb88910c7d892b7c5519aaec6a2027ee6b8f46e76b121254ac95591d98bc5b0995b99d28d2a622fcb860d19be7
- SSDEEP
  
  24576:l8TJtpd95n1HCEei6gFT/L+V3F+kyRejskFL/whBZhnHo4Sad5RKrD0z2d2ew:6Jtpx1iErFrLK3F7QojUnHo4Sa0rD0ww
Score

10^/10

socelars discovery spyware stealer
- Socelars
  Socelars is an infostealer targeting browser cookies and credit card credentials.
  stealer socelars
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

socelarsdiscoveryspywarestealer

behavioral2

socelarsspywarestealer