General
-
Target
Outstanding SOA.exe
-
Size
601KB
-
Sample
221210-j7afzsfb48
-
MD5
5b18fe7d9aa3fdcdec0d0932827f7b05
-
SHA1
104e5d48286576742b08a760d208ce13ad141594
-
SHA256
0f271e19f44c1a2535e2010c6c9d25cacfba120bd75fab85e01feebe961dd4c7
-
SHA512
871820be64509b04dd7fd35d7e44204050801a9157836fc9ddfaedf83a1aa6d583bd0541753caa9b78e6b2c425e2e7487e5e223d5bcdcbb95d5b7bca0186db53
-
SSDEEP
12288:1Z+9tvUmtBrASq86QaJZ76qIJgNhU3aHHI1S8WDcKEBkKmYu8gWd78rrYk3S:b+vvLo86QMZ7QQuoT8WYu8Rd78r8
Static task
static1
Behavioral task
behavioral1
Sample
Outstanding SOA.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
scse
SKpYFyVNT2zunKf0uuM=
FlEHUseI7I5XbrO8fR/XBcS9ZA==
FPuxoUOxkLiATugw
VKdxsDSk0jdT5Kw=
FpqHf9iI/1tl97E=
YGI6sIl3UIxfZvlD+JiUuuLR
oBAEO0suBEAD5aK00A==
RKJqTzg4gQ/Q6DYSuTjDGkwuyl0ik5Kb8w==
VFg9s3W0/Ype8A3cZb+D7g==
hwD+VNd6014nrsaTWm4FBcS9ZA==
zkAdUq1soKYUfZaTqLmL
XVQ9WbRivUIQ477a/hKv+g==
QireF2geizAwmp674AGc5g==
PSTUQxs6j8OATugw
LHJhyy2VbX8NEqf0uuM=
MiY1vg6T3HqATugw
wqkUjaVXnGgBqA==
jUr/eUtSIT01Wegt
PjQidcqKzAbSZICUZb+D7g==
OkAmcv12sUEAIHwFHakzdIo2FPHw
zyDLsw+3I3H6gnaGZb+D7g==
ll0HRs5IJGxCZMJPahHgOt2RqjU=
YqaIEokHuw6V
jGJG11YCObJ+IQIXCW8KU+ZcbA==
jv4ITr8zITdT5Kw=
nXYro3yHe5YV5aK00A==
rJt1IPkxeQDUayhVCJyUuuLR
oFwz1DUU/RdD5aK00A==
FHlVTKEVIRFE5aK00A==
8GhjL2lJOWD+5aK00A==
k3BLouunGsagwhAi6oeUuuLR
p45GiQN5bZMjR9karDwDa442FPHw
Zdd7rVCKu/b3TIVU6t/lP92RqjU=
wyjxGjYHuw6V
nW5RrwV6yTdT5Kw=
itzGDGclWW4SqnLBSWH5Pt2RqjU=
8zwgceJYRWn+DKf0uuM=
EmojFmj027tsHrs=
ExQEPY5UyyS00HPvNNCH8w==
laiGCZRTkbg/XAl/Zb+D7g==
wYQysWBl+DdT5Kw=
MWo3rYV3XoAJ5aK00A==
hnht0SrcDR+XpjV6H6WUuuLR
rxqw6S7qG8A=
aEcfph/RAUAcfZYnXOw=
EXdVkuuzJ8eEjkTROs2D
MDYsc8l6w0wM7ZOiyQ==
Rw3XPwT+8UID5aK00A==
zDPp+Pskft/5iqS+0Q==
Z8h8hYCm/ULHXQ+YY2kJBcS9ZA==
vTDkm31vabx5EfoFMjLsVpBlz+fQfg==
+EcrRpZyp7tFba65dhvXBcS9ZA==
rHVJpwl6dLSATugw
gUoTghFSoTMpiXyQe9N3uOjQ
47Zwn/CkFQCty07ROs2D
NYkP+jcHuw6V
nfvdFnkHuw6V
L4piRRhAmfwGKITjemhRkmQ=
s6Jdx36Q+t5U7LE=
58iYH6dVmzYCnHZ/Zb+D7g==
IQ/WHZJWuVUD5aK00A==
Cf6t72PUxhnicjvBiFxqP0o2FPHw
DQr7l4R4rlEJ5aK00A==
62gezKeQv8mIIBbcZb+D7g==
kmuregister.com
Targets
-
-
Target
Outstanding SOA.exe
-
Size
601KB
-
MD5
5b18fe7d9aa3fdcdec0d0932827f7b05
-
SHA1
104e5d48286576742b08a760d208ce13ad141594
-
SHA256
0f271e19f44c1a2535e2010c6c9d25cacfba120bd75fab85e01feebe961dd4c7
-
SHA512
871820be64509b04dd7fd35d7e44204050801a9157836fc9ddfaedf83a1aa6d583bd0541753caa9b78e6b2c425e2e7487e5e223d5bcdcbb95d5b7bca0186db53
-
SSDEEP
12288:1Z+9tvUmtBrASq86QaJZ76qIJgNhU3aHHI1S8WDcKEBkKmYu8gWd78rrYk3S:b+vvLo86QMZ7QQuoT8WYu8Rd78r8
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-