General
-
Target
2025-06-30_d040cb0e83e0cd83f1999d3e7bbcda0e_amadey_avoslocker_black-basta_darkgate_elex_luca-stealer_lynx
-
Size
1.4MB
-
Sample
250630-thb9dsaj31
-
MD5
d040cb0e83e0cd83f1999d3e7bbcda0e
-
SHA1
74e8827f2e7ebb582e99f078086d79a6c07443dd
-
SHA256
be85c26a2186ba8ebc404153f16bfa30b1c4bd86bc59e246242645b836f5f22f
-
SHA512
78fc1169901964299562a4406ece3e5f2863e465c18a523c1c891524214333f40e6b8931927387ecc84e199010eba6412a203298ba46ede5a57e2c1a633051a3
-
SSDEEP
24576:Bop4e+P7hGI5Yn3H4pIkOIkWMKhehSrob1gBckLcFZXG6G/cjvW:GpQcZ6WRa9LOZXGL/czW
Malware Config
Extracted
Family
socelars
C2
http://www.iyiqian.com/
http://www.hbgents.top/
http://www.rsnzhy.com/
http://www.efxety.top/
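The hashes and the extracted Socelars C2 URLs above are the indicators a responder would act on. The following script is an added example, not part of the sandbox output: it verifies a file against the reported digests and scans proxy log lines for the four C2 hosts. The hashes and URLs are copied from this report; the log lines are constructed for illustration, and matching is done on the exact hostname (case-insensitive, port ignored) rather than by substring, so look-alike domains do not produce hits.

```python
"""IOC checks built from the Socelars report above.

Added example, not part of the sandbox report. SAMPLE_HASHES and C2_URLS are
copied from the report; SAMPLE_PROXY_LOG is constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Digests of the analysed sample, as listed in the report.
SAMPLE_HASHES = {
    "md5": "d040cb0e83e0cd83f1999d3e7bbcda0e",
    "sha1": "74e8827f2e7ebb582e99f078086d79a6c07443dd",
    "sha256": "be85c26a2186ba8ebc404153f16bfa30b1c4bd86bc59e246242645b836f5f22f",
}

# C2 URLs from the extracted config. Only the host part is used for matching,
# because the malware may request paths other than "/".
C2_URLS = [
    "http://www.iyiqian.com/",
    "http://www.hbgents.top/",
    "http://www.rsnzhy.com/",
    "http://www.efxety.top/",
]
C2_HOSTS = {urlsplit(u).hostname.lower() for u in C2_URLS}

# Constructed proxy log lines (not from the report): "ts client method url status".
SAMPLE_PROXY_LOG = """\
2025-06-30T10:01:02Z 10.0.0.15 GET http://www.iyiqian.com/ 200
2025-06-30T10:01:05Z 10.0.0.15 POST http://www.hbgents.top/api/upload 200
2025-06-30T10:01:09Z 10.0.0.22 GET https://example.com/ 200
2025-06-30T10:02:11Z 10.0.0.15 GET http://WWW.EFXETY.TOP:8080/x 404
2025-06-30T10:03:00Z 10.0.0.31 GET http://rsnzhy.com.evil.example/ 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$"
)


def hash_file_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every listed digest matches the reported sample."""
    return hash_file_bytes(data) == SAMPLE_HASHES


def c2_hits(log_text: str) -> list:
    """Return (timestamp, client, host) for each request to a reported C2 host.

    The hostname is normalised by urlsplit (lower-cased, port stripped) and
    compared exactly, so "rsnzhy.com.evil.example" is not a hit.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        host = urlsplit(m["url"]).hostname
        if host and host.lower() in C2_HOSTS:
            hits.append((m["ts"], m["client"], host.lower()))
    return hits


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("file matches reported sample:", matches_sample(fh.read()))
    for ts, client, host in c2_hits(SAMPLE_PROXY_LOG):
        print(f"{ts} {client} contacted C2 host {host}")
```

Run it with a file path to compare that file against the reported digests; without arguments it only scans the constructed log lines. In practice the log would be read from the proxy or DNS source, and the client IPs in the hits are the hosts to isolate and triage.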
Targets
-
Socelars family
-
Drops Chrome extension
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up geolocation information via web service
Queries a legitimate geolocation web service to determine the infected host's location.
-
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores (T1555) - 1
Credentials from Web Browsers (T1555.003) - 1
Unsecured Credentials (T1552) - 1
Credentials In Files (T1552.001) - 1