socelars | 47d35b344cc8c6ef8e8ae82899655f0f1010d2af4f3c0413e124b9ae94378362 | Triage

Sharing

General

Target

9192eed4f3433a1fe590754041c0a0cf
Size

1.4MB
Sample

240205-kxgb8acba8
MD5

9192eed4f3433a1fe590754041c0a0cf
SHA1

418b2ced928bda145299323e2e162ccbe2fb4454
SHA256

47d35b344cc8c6ef8e8ae82899655f0f1010d2af4f3c0413e124b9ae94378362
SHA512

6ecf205a5be761f17ed5f32cb820f42752bcab89b8a7916696ef5546e29f9492556e870b1ff8107de0f63447603a0c69535a9fdd6ed7edbf2231dacb21bd61d6
SSDEEP

24576:M8TJtpd95n1HCEei6gFT/L+V3F+kyRejskFL/whBZhnHo4Sad5RKr00z4drPC6ew:jJtpx1iErFrLK3F7QojUnHo4Sa0r00i7

Score

10^/10

socelars discovery spyware stealer

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/

Targets

- Target
  
  9192eed4f3433a1fe590754041c0a0cf
- Size
  
  1.4MB
- MD5
  
  9192eed4f3433a1fe590754041c0a0cf
- SHA1
  
  418b2ced928bda145299323e2e162ccbe2fb4454
- SHA256
  
  47d35b344cc8c6ef8e8ae82899655f0f1010d2af4f3c0413e124b9ae94378362
- SHA512
  
  6ecf205a5be761f17ed5f32cb820f42752bcab89b8a7916696ef5546e29f9492556e870b1ff8107de0f63447603a0c69535a9fdd6ed7edbf2231dacb21bd61d6
- SSDEEP
  
  24576:M8TJtpd95n1HCEei6gFT/L+V3F+kyRejskFL/whBZhnHo4Sad5RKr00z4drPC6ew:jJtpx1iErFrLK3F7QojUnHo4Sa0r00i7
Score

10^/10

socelars discovery spyware stealer
- Socelars
  Socelars is an infostealer targeting browser cookies and credit card credentials.
  stealer socelars
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

socelarsdiscoveryspywarestealer

behavioral2

socelarsspywarestealer