General
Target: JaffaCakes118_27703d5957f0113ade3d59b90e5f8ea36806071ee9812a26d1aba7cf08161916
Size: 712KB
Sample: 241223-rag4ka1pa1
MD5: b3701c0dbe426ba99192a7cdfd7b0a26
SHA1: cdc0154423a3bf2af1240d2dee35d9d631c23a4e
SHA256: 27703d5957f0113ade3d59b90e5f8ea36806071ee9812a26d1aba7cf08161916
SHA512: 25a615af8dc2e171ab050b4dafc8ce0b0b673d71bff106158d2fad6c04f9cf4f896b3aceaf2cba5172e4e849634917f4669695cb26f0d9827419f0c0fb2e9c82
SSDEEP: 12288:X8WUfruTzG7CBdRLEX07AHX1SvozPi+SCYlTLWY5tGyFrdp6zRcf/HchsqS41AN:sB4xvOEcFZzhtULWmtGyFrdY1cssqF10
Behavioral task
behavioral1
Sample: 55c952867359623ccc78d72fae96e682.exe
Resource: win7-20240903-en
Malware Config
Extracted
socelars
https://sa-us-bucket.s3.us-east-2.amazonaws.com/usahd1/
Targets
Target: 55c952867359623ccc78d72fae96e682.bin
Size: 1.4MB
MD5: 55c952867359623ccc78d72fae96e682
SHA1: 82e880ab8a7f6af15c384b29d69987d291a9a40b
SHA256: d1e7582dfb720d397e34892295c733b2374b7c32cbaea6fca682760c08c1b178
SHA512: 211f30a22d7ee07aa66860e20a54fb6d9071bd38d650b55f7d79c15f7f3dbad69d165a3b408de1f224b1aef2629456dc7eb326c48e0b803e1b37c9615a8fe259
SSDEEP: 24576:ucprkvVNj0ipxVsvsx2iBY2da02/y+AUDnEQm5n9DKsNaTh9N:jpA3Thl2acE95n9DKsNOh9
Signatures
- Socelars family
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)