bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79 | Triage

Sharing

General

Target

SOA.exe
Size

1.4MB
Sample

221125-nkejmsdd97
MD5

d35a0218361627d544d28334ca3c2cd7
SHA1

1de8ab2ada55056d0c1131c20671e167d854fdac
SHA256

bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79
SHA512

2acd1a573d5ca6b0a738d2e6ad2316f19a80f013ec0a7e205dcbd08b6bb852b5e7dda619e7cf515d2983294b4e7b18dc309dddd146bec65a1c087fa61667e76b
SSDEEP

24576:LAOcZXMuhlNU6mcQIM20GHr2nf4UsZzCJ45M4KnmdMLFspB6Q7Cj1:NEPWcQGFr84UsZn5QnmdMLE8Q7C1

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  SOA.exe
- Size
  
  1.4MB
- MD5
  
  d35a0218361627d544d28334ca3c2cd7
- SHA1
  
  1de8ab2ada55056d0c1131c20671e167d854fdac
- SHA256
  
  bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79
- SHA512
  
  2acd1a573d5ca6b0a738d2e6ad2316f19a80f013ec0a7e205dcbd08b6bb852b5e7dda619e7cf515d2983294b4e7b18dc309dddd146bec65a1c087fa61667e76b
- SSDEEP
  
  24576:LAOcZXMuhlNU6mcQIM20GHr2nf4UsZzCJ45M4KnmdMLFspB6Q7Cj1:NEPWcQGFr84UsZn5QnmdMLE8Q7C1
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence