General

  • Target

    2025-06-30_d040cb0e83e0cd83f1999d3e7bbcda0e_amadey_avoslocker_black-basta_darkgate_elex_luca-stealer_lynx

  • Size

    1.4MB

  • Sample

    250630-thb9dsaj31

  • MD5

    d040cb0e83e0cd83f1999d3e7bbcda0e

  • SHA1

    74e8827f2e7ebb582e99f078086d79a6c07443dd

  • SHA256

    be85c26a2186ba8ebc404153f16bfa30b1c4bd86bc59e246242645b836f5f22f

  • SHA512

    78fc1169901964299562a4406ece3e5f2863e465c18a523c1c891524214333f40e6b8931927387ecc84e199010eba6412a203298ba46ede5a57e2c1a633051a3

  • SSDEEP

    24576:Bop4e+P7hGI5Yn3H4pIkOIkWMKhehSrob1gBckLcFZXG6G/cjvW:GpQcZ6WRa9LOZXGL/czW

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.hbgents.top/

http://www.rsnzhy.com/

http://www.efxety.top/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Drops Chrome extension

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation web service to determine the infected system's geographic location.

MITRE ATT&CK Enterprise v16

Tasks