General

  • Target

    baa553f1e49ce769cdece59801cf1922

  • Size

    1.4MB

  • Sample

    240308-gbbytshc7z

  • MD5

    baa553f1e49ce769cdece59801cf1922

  • SHA1

    e59fb4277d3d36e140f73fa128b3d1103b375158

  • SHA256

    02a5466eb5df2aef6f904ef7fa8ef36c2b98ace1ae5998cc516ad69884246550

  • SHA512

    2732e54a6f61da3b7168f59294eeb21ecc841bd74c27d3835a0f77bebad22695612fa8b48963d8176bc4d112bb5e9b379c46ea16346da98b8bfea8721e6fbcf6

  • SSDEEP

    24576:AIVFA1pqtg/TnMbX0lwyh0FVmEByA1EwFYyOsFTceoCSPZVjQ7Yf/6DP:hFA1pvTMbOwa0TmUyMYEh1oCSPnQ7YXm

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/
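
The file hashes in the General section and the four C2 URLs above are this report's actionable indicators. The following Python is an added example, not part of the sandbox report or of the Socelars family: it verifies a file against the listed MD5/SHA-1/SHA-256/SHA-512 digests and scans proxy/DNS log lines for the C2 hostnames. The log lines are constructed, and the match is widened to other subdomains of the same registered domains (an assumption; the report lists only the www. hosts).

```python
"""IOC checks for the Socelars sample in this report.

Added example (not part of the sandbox report): verifies a file against the
report's hash values and scans proxy/DNS log lines for the extracted C2
hosts. The SAMPLE_LOG lines below are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlparse

# File hashes copied from the report's General section.
IOC_HASHES = {
    "md5": "baa553f1e49ce769cdece59801cf1922",
    "sha1": "e59fb4277d3d36e140f73fa128b3d1103b375158",
    "sha256": "02a5466eb5df2aef6f904ef7fa8ef36c2b98ace1ae5998cc516ad69884246550",
    "sha512": "2732e54a6f61da3b7168f59294eeb21ecc841bd74c27d3835a0f77bebad22695612fa8b48963d8176bc4d112bb5e9b379c46ea16346da98b8bfea8721e6fbcf6",
}

# C2 URLs from the extracted config, reduced to registered domains.
# Widening to any subdomain is an assumption (the report lists only the
# www. hosts); it keeps a rotated host such as api.uefhkice.xyz flagged.
C2_URLS = [
    "http://www.iyiqian.com/",
    "http://www.xxhufdc.top/",
    "http://www.uefhkice.xyz/",
    "http://www.fcektsy.top/",
]


def _registered_domain(url: str) -> str:
    host = urlparse(url).hostname.lower()
    return host[4:] if host.startswith("www.") else host


C2_DOMAINS = {_registered_domain(u) for u in C2_URLS}

# Anything that looks like a DNS name: dotted labels ending in an alphabetic TLD.
HOST_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def hash_bytes(data: bytes) -> dict:
    """Digest `data` with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def matching_algorithms(data: bytes) -> list:
    """Algorithms whose digest of `data` equals the report's value.

    The real sample yields all four. A partial result means either the file
    or one of the published hashes is wrong, so treat it as an error.
    """
    digests = hash_bytes(data)
    return sorted(alg for alg, value in digests.items() if value == IOC_HASHES[alg])


def is_c2_host(host: str) -> bool:
    """True if `host` is one of the C2 domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def c2_hits(log_lines) -> list:
    """(line number, host) for every log line that names a C2 domain."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        for match in HOST_RE.finditer(line):
            if is_c2_host(match.group(1)):
                hits.append((lineno, match.group(1).lower()))
                break  # one hit per line is enough
    return hits


# Constructed proxy/DNS log lines, not real telemetry.
SAMPLE_LOG = [
    "2024-03-08T12:00:00Z 10.0.0.5 query A www.fcektsy.top",
    "2024-03-08T12:00:01Z 10.0.0.5 GET http://www.iyiqian.com/ 200",
    "2024-03-08T12:00:02Z 10.0.0.5 GET https://www.example.com/index.html 200",
    "2024-03-08T12:00:03Z 10.0.0.7 query A api.uefhkice.xyz",
]

if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, matching_algorithms(fh.read()) or "no hash match")
    for lineno, host in c2_hits(SAMPLE_LOG):
        print(f"C2 contact on line {lineno}: {host}")
```

Run it with one or more file paths to check them against the report's digests; the log scan runs over the embedded constructed lines and flags lines 1, 2 and 4. The SSDEEP value is deliberately not checked here, since fuzzy hashing needs the non-standard ssdeep library.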

Targets

    • Target

      baa553f1e49ce769cdece59801cf1922

    • Socelars

      Socelars is an infostealer that targets browser cookies and stored credit card data.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, such as saved credentials and cookies.

    • Checks installed software on the system

      Reads entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Drops Chrome extension

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
