General

  • Target

    0f00fcb9597bd612c21eecc288a179bc.bin

  • Size

    1.4MB

  • Sample

    240314-bgptzseh3t

  • MD5

    0f00fcb9597bd612c21eecc288a179bc

  • SHA1

    409ab50115440a5c725c1e753f1e0eb5d6a50a04

  • SHA256

    b5cb460a9d30794df04a6e93dbe452e463cbe0392f37bb888dab42b4d254ba09

  • SHA512

    227d3170a1376c4366840308a30422ebc6d3169c3bfa0844e122854cacb868abedc0aeb45e982262132146a6c3546d1b5363577f9c945492befa489bdcc7e145

  • SSDEEP

    24576:hIVFA1pqtg/TnMbX0lwyh0FVmEByU1fwFYyOspbQCH6S8qgAQHYfc4:kFA1pvTMbOwa0TmYpMYE9NH6S80QHYU4

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks