socelars | 19016f6046c546c36eecab64a02330915059a71931fb6ccc1ab057d4805ba7db | Triage

Submit
Reports

Overview

overview

Static

static

c447cdb7f9...18.exe

windows7-x64

c447cdb7f9...18.exe

windows10-2004-x64

Sharing

General

Target

c447cdb7f9d41f5f754a696ffd1acc8c_JaffaCakes118
Size

1.4MB
Sample

240404-25grdsda41
MD5

c447cdb7f9d41f5f754a696ffd1acc8c
SHA1

d4b47106964860921625a1ef8406cf2a6f69199d
SHA256

19016f6046c546c36eecab64a02330915059a71931fb6ccc1ab057d4805ba7db
SHA512

22415dd83fabde64033d5c8b7bd7da08b6b5683becc63cd214222b8580a36157bbd323a5a82edc62489198c6e7265d8d7c0b77e6ec09c70917c29e7daa25baef
SSDEEP

24576:CxpXPaR2J33o3S7P5zuHHOF2ahfehMHsGKzOYf8EEvX3fZ1Fsa:ipy+VDa8rtPvX3fZ/s

Score

10^/10

socelars discovery spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

c447cdb7f9d41f5f754a696ffd1acc8c_JaffaCakes118.exe

Resource

win7-20240221-en

socelars discovery spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c447cdb7f9d41f5f754a696ffd1acc8c_JaffaCakes118.exe

Resource

win10v2004-20240226-en

socelars spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.hbgents.top/

http://www.rsnzhy.com/

http://www.efxety.top/

Targets

- Target
  
  c447cdb7f9d41f5f754a696ffd1acc8c_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  c447cdb7f9d41f5f754a696ffd1acc8c
- SHA1
  
  d4b47106964860921625a1ef8406cf2a6f69199d
- SHA256
  
  19016f6046c546c36eecab64a02330915059a71931fb6ccc1ab057d4805ba7db
- SHA512
  
  22415dd83fabde64033d5c8b7bd7da08b6b5683becc63cd214222b8580a36157bbd323a5a82edc62489198c6e7265d8d7c0b77e6ec09c70917c29e7daa25baef
- SSDEEP
  
  24576:CxpXPaR2J33o3S7P5zuHHOF2ahfehMHsGKzOYf8EEvX3fZ1Fsa:ipy+VDa8rtPvX3fZ/s
Score

10^/10

socelars discovery spyware stealer
- Socelars
  Socelars is an infostealer targeting browser cookies and credit card credentials.
  stealer socelars
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socelarsdiscoveryspywarestealer

behavioral2

socelarsspywarestealer

© 2018-2024

Terms | Privacy