General

  • Target

    df5c5f0768e8d2f554467b930afda09c_JaffaCakes118

  • Size

    930KB

  • Sample

    241211-bwf6dsyqaw

  • MD5

    df5c5f0768e8d2f554467b930afda09c

  • SHA1

    6b00445635ef04d12b0bb8992c8cc1ae384383f4

  • SHA256

    86040ddf448fb04e7efec05ad0e07bb2ff3d75d65520a4aedc32120cb018e2ce

  • SHA512

    f23c63f52dd7728526c7c461335ea355d0746947a53ce7c6bf6226a7f78c530158851e3d269ba658404a8f4e52cebe8feb7ca441526ef73f752a9e5717ba7a27

  • SSDEEP

    24576:7W5d/Zo0AI0kkHBIYRj4wUrFGtwl9Cs5ySq:716aJj4drFGw9bs5

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/

Targets

    • Target

      df5c5f0768e8d2f554467b930afda09c_JaffaCakes118

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars family

    • Socelars payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
