Extracted

• • Target

    4C49F078D9E8409D98D83AEBA2C037339680B2ABF7471B599E736A7AD99FB08D.exe

  • Size

    1.5MB

  • MD5

    f1f70ba64226076ff5ccc297301d7c93

  • SHA1

    68cfbd7f5888c0a89671a350db95d7b7b9dc8e26

  • SHA256

    8c28fb5d64ea3cbbcb5da19eb30e6ec8f2acb4c16e0f935275117f49ec4b4b19

  • SHA512

    f2de772227274695756afae89fa9fdbeb8c313ca5f3a7f365cbb7c9d070ea7e001ac2c75f8063219ec0ff9d086b3000ca6e6d23e9f18b6aed9cd331c7a8e3809

  • SSDEEP

    24576:Mwpk4V9rRM1oDb+enGs2Q6E9ZBJRPHJTrFSJ84ufAQKF2fJmg:5pRc1OMcV/sJjAAQKYfYg

  Score

  10^/10

  socelarsaspackv2credential_accessdiscoveryspywarestealer

  • Socelars

    Socelars is an infostealer targeting browser cookies and credit card credentials.

    stealersocelars

  • Socelars payload

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops Chrome extension

  • Legitimate hosting services abused for malware hosting/C2

  • Checks system information in the registry

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2