General
Target: JaffaCakes118_e65340a223688a29c1512d8e64e773b6d46229b0177e03e7f33dda28832116c2
Size: 731KB
Sample: 241225-b9pdxstpbj
MD5: 46d3649a28e8eb466d9f5ccda94a68e0
SHA1: 4ff1f053e81d0a0b1ebcf9e07445ddde8dace28c
SHA256: e65340a223688a29c1512d8e64e773b6d46229b0177e03e7f33dda28832116c2
SHA512: 750f0ae7bfa54da66b5d11c483d22c96bdb90d6480cca9acc7fa6dedab748cb2a8f054d1aabc420ac4c7e618cf7e04e11aac48b5b0264fab7f916553c4632dbe
SSDEEP: 12288:vyCay+MqvsOcq02Evdfa+q6xVgQlYwhP1XvvOIX2C5EkvPF42GghoIn+Sr:kyOcq0BvdSd63R5bXvvOIXhEkv5hjn+i

Note: the submitted file above (731KB) and the executable that was actually run in the behavioral task (1.4MB, listed under Targets with its own hash set) are different objects with different hashes. When matching an artifact against this report, use the hash set that corresponds to the object you hold.
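The hash set above is what confirms that a file on disk is this sample. The following Python script is an added example and is not part of the sandbox report: it computes MD5, SHA1, SHA256 and SHA512 in a single pass over the data and checks the result against both hash sets in this report (the submitted file and the executed behavioral sample). SSDEEP is left out because the fuzzy hash needs the third-party ssdeep library; the sample bytes in the usage section are constructed and are not the real sample. The helper names (hash_stream, match_iocs, is_confirmed) are this example's own.

```python
import hashlib
from typing import Dict, List, Tuple

# Hash sets copied from this report. The submitted file and the executed
# behavioral sample are different objects and carry different hashes.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "JaffaCakes118_e65340a223688a29c1512d8e64e773b6d46229b0177e03e7f33dda28832116c2": {
        "md5": "46d3649a28e8eb466d9f5ccda94a68e0",
        "sha1": "4ff1f053e81d0a0b1ebcf9e07445ddde8dace28c",
        "sha256": "e65340a223688a29c1512d8e64e773b6d46229b0177e03e7f33dda28832116c2",
        "sha512": "750f0ae7bfa54da66b5d11c483d22c96bdb90d6480cca9acc7fa6dedab748cb2a8f054d1aabc420ac4c7e618cf7e04e11aac48b5b0264fab7f916553c4632dbe",
    },
    "5adc45c44a1394d9140530597cbd7fb5c1df52bef9b9a7ae6e12fadd23c535eb.exe": {
        "md5": "3c6a5b8897a2bda4869665e21ac5a80f",
        "sha1": "2858099e58e7cec843b55610c28ef89e03c95a5f",
        "sha256": "5adc45c44a1394d9140530597cbd7fb5c1df52bef9b9a7ae6e12fadd23c535eb",
        "sha512": "1c676d845ed1562fa0d12cc1d615ef1c4f8ef706de85a3c3bccdc8ad639569caf20071b014c61423e8ba450392bec96d8617b687e23f2ca40f459a8bf954c162",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(chunks) -> Dict[str, str]:
    """Feed every chunk to all four digests so a large file is read only once."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    return hash_stream([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return hash_stream(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(hashes: Dict[str, str], iocs=REPORT_IOCS) -> List[Tuple[str, str]]:
    """Return (target, algorithm) for every report hash the input matches.

    Digests are compared case-insensitively. MD5 and SHA1 are collision-prone,
    so a match on those alone is weaker evidence than SHA256/SHA512;
    is_confirmed() requires one of the strong hashes.
    """
    normalized = {k.lower(): v.lower() for k, v in hashes.items()}
    hits = []
    for target, known in iocs.items():
        for algo, digest in known.items():
            if normalized.get(algo) == digest.lower():
                hits.append((target, algo))
    return hits


def is_confirmed(hits: List[Tuple[str, str]]) -> bool:
    """True only when a SHA256 or SHA512 from the report matched."""
    return any(algo in ("sha256", "sha512") for _, algo in hits)


if __name__ == "__main__":
    # Constructed placeholder bytes, not the real sample: nothing should match.
    sample = hash_bytes(b"MZ\x90\x00constructed placeholder bytes")
    hits = match_iocs(sample)
    print(sample["sha256"], hits, is_confirmed(hits))
```

For a real check, call hash_file() on the suspect path and pass the result to match_iocs(); a hit on MD5 or SHA1 alone should prompt a SHA256 comparison rather than a verdict.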
Behavioral task: behavioral1
Sample: 5adc45c44a1394d9140530597cbd7fb5c1df52bef9b9a7ae6e12fadd23c535eb.exe
Resource: win7-20240903-en

Malware Config
Extracted family: socelars
URL: https://sa-us-bucket.s3.us-east-2.amazonaws.com/422gasvd/
Targets
Target: 5adc45c44a1394d9140530597cbd7fb5c1df52bef9b9a7ae6e12fadd23c535eb.exe
Size: 1.4MB
MD5: 3c6a5b8897a2bda4869665e21ac5a80f
SHA1: 2858099e58e7cec843b55610c28ef89e03c95a5f
SHA256: 5adc45c44a1394d9140530597cbd7fb5c1df52bef9b9a7ae6e12fadd23c535eb
SHA512: 1c676d845ed1562fa0d12cc1d615ef1c4f8ef706de85a3c3bccdc8ad639569caf20071b014c61423e8ba450392bec96d8617b687e23f2ca40f459a8bf954c162
SSDEEP: 24576:WQAgpBGV2HpWHuREjDnI2AuADZ8KvqC7dH2dtDPc/o/KFuRtg:WgpG57R8cnDPcQ/KURtg

Signatures
- Socelars family
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2 (the extracted config URL is an Amazon S3 bucket)
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (T1555): 1 signature
  - Credentials from Web Browsers (T1555.003): 1 signature
- Unsecured Credentials (T1552): 1 signature
  - Credentials In Files (T1552.001): 1 signature