General
Target: 47276bf684ba8a597ad9ce609323de8ad45e79e7367d7847553b9b359bf5bd29.zip
Size: 748KB
Sample: 250325-1qlw5as1bt
MD5: c0e1de75f33f7b900534d1e883c6b20a
SHA1: fa26981d1a6a3cb7a7e39b5e31696a7760c122e2
SHA256: 47276bf684ba8a597ad9ce609323de8ad45e79e7367d7847553b9b359bf5bd29
SHA512: f228cdea191132ed1aec3ec1a560e5c87adf2e8e40684b12f69250f4b2caf306639c60e14dc96838d8c180d14cbb924089fe63e104b353cfc7a6f4384e54376a
SSDEEP: 12288:qsTFJMRkKmGMR91hna7MRag2P4NndQvo2aR3+zps/BH+B6LPwp//xOKHfKf5KXdw:7TLK/o91hlag040TaRmSQAg/VtXdcIjG
Behavioral task: behavioral1
Sample: 9797a37016362ce602e53046e32a596c186a489976d38a7e2e9113344415c71a.exe
Resource: win7-20240903-en

Malware Config
Extracted: socelars
http://www.iyiqian.com/
http://www.hbgents.top/
http://www.rsnzhy.com/
http://www.znsjis.top/
Targets
Target: 9797a37016362ce602e53046e32a596c186a489976d38a7e2e9113344415c71a.exe
Size: 1.4MB
MD5: 9da6fd3b6129076a2a7ffaa481ca5cf9
SHA1: 379bb58bee6bafad8169c47223e946e4bb9cfa0c
SHA256: 9797a37016362ce602e53046e32a596c186a489976d38a7e2e9113344415c71a
SHA512: 18a00a964f7b4e925eb97cd2235ec14cb88f8450a718237fd602bf7c23a5f29ddfa70b285503191fbd5af88a0c15bf37b98fde5b3aef29d75c413548f7e7875a
SSDEEP: 24576:+xpXPaR2J33o3S7P5zuHHOF2CxfehMHsGKzOYCMEMfX4vZ1fMKeC0:Opy+VDi8rgHfX4vZ9MKeZ
- Socelars family
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)