a0c77b9f372d94ae8cbc32b27d319491cb65001b12963bc68b96b8caaf10dfa0 | Triage

Submit
Reports

Overview

overview

Static

static

SOA.exe

windows7-x64

SOA.exe

windows10-2004-x64

Resubmissions

06-01-2023 00:39

230106-aztefsdg69 10

06-01-2023 00:31

230106-at5kjadg59 10

Sharing

General

Target

SOA.exe
Size

1.1MB
Sample

230106-at5kjadg59
MD5

f890903c9b2fa054a4b22b4240870db2
SHA1

06ed4e7131287fcf01e49834180567daf9a13240
SHA256

a0c77b9f372d94ae8cbc32b27d319491cb65001b12963bc68b96b8caaf10dfa0
SHA512

b230749492b8d3ceb0824badc423c163c706df0c464849950523f2bedefa2ed7f50de83ee403611f1c5559f154f0fed7335310d23233701625de65bc09b9e883
SSDEEP

12288:xJEPCBEYJmzdicP0bYzJfKMVvS1yIuDBXolPu3fgzHIGEoTCqEUbeSh39W+ll8nO:rCJRVXbe8REgRJrn85cMNd

Score

10^/10

collection evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

SOA.exe

Resource

win7-20220901-en

collection evasion persistence trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

SOA.exe

Resource

win10v2004-20221111-en

collection evasion persistence trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  SOA.exe
- Size
  
  1.1MB
- MD5
  
  f890903c9b2fa054a4b22b4240870db2
- SHA1
  
  06ed4e7131287fcf01e49834180567daf9a13240
- SHA256
  
  a0c77b9f372d94ae8cbc32b27d319491cb65001b12963bc68b96b8caaf10dfa0
- SHA512
  
  b230749492b8d3ceb0824badc423c163c706df0c464849950523f2bedefa2ed7f50de83ee403611f1c5559f154f0fed7335310d23233701625de65bc09b9e883
- SSDEEP
  
  12288:xJEPCBEYJmzdicP0bYzJfKMVvS1yIuDBXolPu3fgzHIGEoTCqEUbeSh39W+ll8nO:rCJRVXbe8REgRJrn85cMNd
Score

10^/10

collection evasion persistence trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook profiles
  collection
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionevasionpersistencetrojan

behavioral2

collectionevasionpersistencetrojan

© 2018-2024

Terms | Privacy