Extracted

• • Target

    2024-07-25_7bb46178f57f6ea01347b1790d7bfa27_avoslocker_wapomi

  • Size

    1.7MB

  • MD5

    7bb46178f57f6ea01347b1790d7bfa27

  • SHA1

    bad79fb2e79f12feabd5249636537842e45b9bef

  • SHA256

    ded8995ef3dc7ea298fa16e1733b033e06261a76e1639430d4808600884c7467

  • SHA512

    86ea26f7f142020e1738de929b6de90400cfa7a1e7b8f69aa62c46b98c220e8f9966eb319bae04fef5c23cea21935d4f10c944e16e4bce4e2e47e5d7c30d9da5

  • SSDEEP

    24576:DKAgpBGV2HpWHuREjDnI2AuADZ8KvqC75H2dtDPc/ExKFY/fwg:vgpG57R8InDPcsxKC/fwg

  Score

  10^/10

  socelarsaspackv2credential_accessdiscoveryspywarestealer

  • Socelars

    Socelars is an infostealer targeting browser cookies and credit card credentials.

    stealersocelars

  • Socelars payload

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops Chrome extension

  • Legitimate hosting services abused for malware hosting/C2

  • Checks system information in the registry

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2