socelars | 2025-01-24_24fdbff717fa8a5f292d4418d3a14a4b_avoslocker | Triage

Sharing

General

Target

2025-01-24_24fdbff717fa8a5f292d4418d3a14a4b_avoslocker
Size

1.2MB
MD5

24fdbff717fa8a5f292d4418d3a14a4b
SHA1

82738e712f48e30b6a399577db132bc307585ed9
SHA256

4ba8778be8ea921ad4bccded6b7cede9c3ce72322c8cd40831ad00bea2379be4
SHA512

bfcd1fdc313c6f57c2aeb01187abbfdf39afbb3031409b019d914b8579b76f1d4d50051e2407b61d6ba5be14b21551afe4356e6f3b644609ca0fa8ead7dcf85a
SSDEEP

24576:ZRp2fYlh5hJYrsWSlTeTmvL26IZX8W6jO2okW1negMd:rp1v1ji5jtF1nQ

Score

10^/10

socelars

Malware Config

Signatures

Socelars family
socelars

Socelars payload 1 IoCs

resource	yara_rule
sample	family_socelars

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-01-24_24fdbff717fa8a5f292d4418d3a14a4b_avoslocker

Files

2025-01-24_24fdbff717fa8a5f292d4418d3a14a4b_avoslocker
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eggehet
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eggehet
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ