Overview

overview

10

Static

static

3

7ABD1498D4...24.exe

windows7-x64

10

7ABD1498D4...24.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7ABD1498D4FDC7CA551E0163CFE9B924.exe

  • Size

    5.5MB

  • Sample

    250126-l43dpszmfn

  • MD5

    7abd1498d4fdc7ca551e0163cfe9b924

  • SHA1

    0946eff13697616e07dfb75e34a105a63276c5fe

  • SHA256

    fbfcd4f23994e03f4545455263b2e03e7ef9ae29eda2bbed8758182b36128cf4

  • SHA512

    054407e0a5792320bf6563c43e9d252ffdb6b12df08f03809970dc967162f5659d335488d6ce9b0c3f8ea2b8ec5c89f65326343b5c8669e9a4c9a3e37c2475d1

  • SSDEEP

    98304:Pb2PsKyEaQh5nQpRMEDp4P63W/r2gEUDupTaOxyw1+paaBk0fd11hEGaNnlW5rI:PCsKTQDMdPyWDGISxyw11aBkk1GGaeS

Score
10/10
ffdroiderprivateloadersocelarsdefense_evasiondiscoveryloaderspywarestealertrojan

Malware Config

Extracted

Family

socelars

C2

https://sa-us-bucket.s3.us-east-2.amazonaws.com/usahd1/

Extracted

Family

privateloader

C2

http://212.193.30.45/proxies.txt

http://45.144.225.57/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

2.56.59.42

Extracted

Family

ffdroider

C2

http://186.2.171.17

Targets

    • Target

      7ABD1498D4FDC7CA551E0163CFE9B924.exe

    • Size

      5.5MB

    • MD5

      7abd1498d4fdc7ca551e0163cfe9b924

    • SHA1

      0946eff13697616e07dfb75e34a105a63276c5fe

    • SHA256

      fbfcd4f23994e03f4545455263b2e03e7ef9ae29eda2bbed8758182b36128cf4

    • SHA512

      054407e0a5792320bf6563c43e9d252ffdb6b12df08f03809970dc967162f5659d335488d6ce9b0c3f8ea2b8ec5c89f65326343b5c8669e9a4c9a3e37c2475d1

    • SSDEEP

      98304:Pb2PsKyEaQh5nQpRMEDp4P63W/r2gEUDupTaOxyw1+paaBk0fd11hEGaNnlW5rI:PCsKTQDMdPyWDGISxyw11aBkk1GGaeS

    Score
    10/10
    ffdroiderprivateloadersocelarsdefense_evasiondiscoveryloaderspywarestealertrojan

    • FFDroider

      Stealer targeting social media platform users first seen in April 2022.

      stealerffdroider

    • FFDroider payload

    • Ffdroider family

      ffdroider

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • Privateloader family

      privateloader

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

      stealersocelars

    • Socelars family

      socelars

    • Socelars payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Drops Chrome extension

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks