General

  • Target

    bc3f416df3ded32d46930db95917fd52

  • Size

    1.4MB

  • Sample

    240309-trljescg2t

  • MD5

    bc3f416df3ded32d46930db95917fd52

  • SHA1

    0fce98b62fb734fddb457197b710d6966057e68e

  • SHA256

    713cc95814f8cb1069d70187795a0177df12bc899889cbd80b8e2d75130b9570

  • SHA512

    fbd41b8426635b78ec0288da80a28adca1b60600d8a03ac99886455e46da44172363f036a04fdbaaa07572d6053a03d506214f7b8f71ebf6e09655813871903d

  • SSDEEP

    24576:cjmZxpT2xecnFAaeHrTM+zNyReyAN4/FDsSl3qJbZ9GgtS/Zj8IXsp9PC6Nz:9Zxp1cFA3rY+hykedwYqJygtS/R8IXW1

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/

Targets

    • Target

      bc3f416df3ded32d46930db95917fd52

    • Size

      1.4MB

    • MD5

      bc3f416df3ded32d46930db95917fd52

    • SHA1

      0fce98b62fb734fddb457197b710d6966057e68e

    • SHA256

      713cc95814f8cb1069d70187795a0177df12bc899889cbd80b8e2d75130b9570

    • SHA512

      fbd41b8426635b78ec0288da80a28adca1b60600d8a03ac99886455e46da44172363f036a04fdbaaa07572d6053a03d506214f7b8f71ebf6e09655813871903d

    • SSDEEP

      24576:cjmZxpT2xecnFAaeHrTM+zNyReyAN4/FDsSl3qJbZ9GgtS/Zj8IXsp9PC6Nz:9Zxp1cFA3rY+hykedwYqJygtS/R8IXW1

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks