Overview

overview

7

Static

static

SOA- Feb20...20.exe

windows7_x64

7

SOA- Feb20...20.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SOA- Feb2020 to Jun2020.exe

  • Size

    324KB

  • Sample

    200713-ab8wdmshf6

  • MD5

    c77edf13eafc541ba8bfdfebf7e5aa9b

  • SHA1

    4ceb14f6732f5f6a530623941e83ae1a49379cd6

  • SHA256

    9aa09beb9797b5ae4b2f80937442a013a32e78cfa8b59838cf364a53d65f71bc

  • SHA512

    ca6d3ab46bee1b43e829f0257921baf61681092644a908bab1840ce64de18a6343fce600611794dc802c448ef6365775f76a69a50050c50d2d0809762d3dcdcd

Score
7/10
spyware

Malware Config

Targets

    • Target

      SOA- Feb2020 to Jun2020.exe

    • Size

      324KB

    • MD5

      c77edf13eafc541ba8bfdfebf7e5aa9b

    • SHA1

      4ceb14f6732f5f6a530623941e83ae1a49379cd6

    • SHA256

      9aa09beb9797b5ae4b2f80937442a013a32e78cfa8b59838cf364a53d65f71bc

    • SHA512

      ca6d3ab46bee1b43e829f0257921baf61681092644a908bab1840ce64de18a6343fce600611794dc802c448ef6365775f76a69a50050c50d2d0809762d3dcdcd

    Score
    7/10
    spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks