General

Target: 09bbb3e275b933030e970564ac22fe77_JaffaCakes118
Size: 1.4MB
Sample: 241002-j7wdfszdpf
MD5: 09bbb3e275b933030e970564ac22fe77
SHA1: a26b0b1fa8085aba01f4215af7c3347ae5ebd53c
SHA256: e5f67dca4decc6164f5fa50bb6343ee98ae743e6d04bfdb42d790feef2e4e565
SHA512: 9d2300c8aebab886310e97916bfb07e1858151eb88910c7d892b7c5519aaec6a2027ee6b8f46e76b121254ac95591d98bc5b0995b99d28d2a622fcb860d19be7
SSDEEP: 24576:l8TJtpd95n1HCEei6gFT/L+V3F+kyRejskFL/whBZhnHo4Sad5RKrD0z2d2ew:6Jtpx1iErFrLK3F7QojUnHo4Sa0rD0ww
Behavioral task

behavioral1
Sample: 09bbb3e275b933030e970564ac22fe77_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config

Extracted
Family: socelars
C2:
- http://www.iyiqian.com/
- http://www.xxhufdc.top/
- http://www.uefhkice.xyz/
- http://www.fcektsy.top/
Targets

Target: 09bbb3e275b933030e970564ac22fe77_JaffaCakes118
Signatures:
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Defense Evasion
- Modify Registry, T1112 (1)
- Subvert Trust Controls, T1553 (1)
  - Install Root Certificate, T1553.004 (1)
Credential Access
- Credentials from Password Stores, T1555 (1)
  - Credentials from Web Browsers, T1555.003 (1)
- Unsecured Credentials, T1552 (1)
  - Credentials In Files, T1552.001 (1)
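The signatures and ATT&CK mappings above describe behaviours, not detection logic. As an added example (not part of this sandbox report and not the sandbox's own signature code), the script below turns them into rules run over an API-call trace: it flags enumeration of the Uninstall key, a write under the ROOT certificate store (T1553.004), a read of Chrome's Login Data (T1555.003), a write of an extension manifest, a lookup to a public geolocation service, and any connection to the four C2 hosts extracted from the socelars config. The trace lines are constructed to resemble a sandbox API log and are not from this run; the geolocation hostnames, the Chrome paths and the certificate thumbprint are assumptions, since the report names none of them.

```python
import re
from urllib.parse import urlparse

# The four C2 URLs from the report's extracted socelars config.
C2_URLS = [
    "http://www.iyiqian.com/",
    "http://www.xxhufdc.top/",
    "http://www.uefhkice.xyz/",
    "http://www.fcektsy.top/",
]
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}

# Public geolocation services to flag. Assumption: the report does not say
# which service the sample queried.
GEO_HOSTS = {"ip-api.com", "ipinfo.io", "ipapi.co"}

# Each rule: (label taken from the report, regex over one trace line).
# In these raw-string patterns "\\" matches one literal backslash.
RULES = [
    ("Checks installed software (Uninstall key)",
     re.compile(r"^RegOpenKeyExW .*\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Install Root Certificate (T1553.004)",
     re.compile(r"^RegSetValueExW .*\\SystemCertificates\\ROOT\\Certificates\\", re.I)),
    ("Credentials from Web Browsers (T1555.003)",
     re.compile(r"^CreateFileW .*\\User Data\\.*\\Login Data(\s|$)", re.I)),
    ("Drops Chrome extension",
     re.compile(r"^WriteFile .*\\User Data\\.*\\Extensions\\.*manifest\.json$", re.I)),
]

# Network rule is host-based rather than regex-based so the same line can
# be classified as C2 or geolocation depending on the destination.
HOST_RE = re.compile(r"^(?:InternetConnectW|connect) host=(?P<host>\S+)", re.I)


def match_line(line):
    """Return the labels a single trace line triggers (possibly none)."""
    hits = [label for label, rx in RULES if rx.search(line)]
    m = HOST_RE.search(line)
    if m:
        host = m.group("host").lower()
        if host in C2_HOSTS:
            hits.append("Socelars C2 contact")
        elif host in GEO_HOSTS:
            hits.append("Looks up geolocation via web service")
    return hits


def scan(trace):
    """Map each triggered label to the trace lines that triggered it."""
    findings = {}
    for line in trace:
        for label in match_line(line):
            findings.setdefault(label, []).append(line)
    return findings


def c2_hosts_seen(trace):
    """Set of configured C2 hosts the trace actually connected to."""
    seen = set()
    for line in trace:
        m = HOST_RE.search(line)
        if m and m.group("host").lower() in C2_HOSTS:
            seen.add(m.group("host").lower())
    return seen


# Constructed trace in a simplified "API key=value" format; not sandbox output.
SAMPLE_TRACE = [
    r"RegOpenKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"RegEnumKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall index=0",
    r"RegOpenKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome",
    r"RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome value=DisplayVersion",
    r"RegSetValueExW key=HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0123456789ABCDEF0123456789ABCDEF01234567 value=Blob",
    r"CreateFileW path=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data access=GENERIC_READ",
    r"WriteFile path=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fakeext\1.0_0\manifest.json",
    r"InternetConnectW host=ip-api.com port=80",
    r"InternetConnectW host=www.iyiqian.com port=80",
    r"InternetConnectW host=www.xxhufdc.top port=80",
    r"InternetConnectW host=www.microsoft.com port=443",  # benign, must not fire
]

if __name__ == "__main__":
    for label, lines in scan(SAMPLE_TRACE).items():
        print(f"{label}: {len(lines)} line(s)")
    print("C2 hosts contacted:", sorted(c2_hosts_seen(SAMPLE_TRACE)))
```

The Uninstall rule only fires on RegOpenKeyExW so a single enumeration loop counts once per subkey opened rather than once per value read; tune that to taste, but keep the host check separate from the regex rules so a new C2 URL from a later config extraction only requires appending to C2_URLS.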