General

  • Target

    8e93520d569a6e2afed2da31224c7568.bin

  • Size

    17.7MB

  • Sample

    240229-b8pcjaag86

  • MD5

    8e93520d569a6e2afed2da31224c7568

  • SHA1

    8b45cf1d65ffa2bf061222e2e35d0a3fb4739b87

  • SHA256

    94c0a9f4adcb87a5705f7ad0776b27ee6471131f21fadad162de21590669f649

  • SHA512

    a5e250e2ce0f121de7f5a89ced3a2fd0ddd69d47346c6020351bf9ee13d9522b81e86d08704392ea061fec879d92a785233218365b9db5a97f03a3daa67dccad

  • SSDEEP

    393216:+oecXb9QxDfm4ZXDqgQG/yMWIsbfq4702k6sncVsLGBAYOD6C:+oe0b9QxDfBdDqgFyrIeP70t6snPbDDZ

Malware Config

Targets

    • Target

      soan2/soan.exe

    • Size

      17.9MB

    • MD5

      635d67c69491f54b4eb2023bda710e40

    • SHA1

      ba804971c0157a44976eb6f68807cea229003219

    • SHA256

      0e74ad9b6f3e77c13cc818d7151403d85ed94d669157150ffe97d8d889c14b72

    • SHA512

      46fdac407f01d9f1f3c444a2a1a47ce7a39fe60fb56044bcedd6f593c5f63a6ba8e5212973b6118031efd9b3afe824dabf600878e773bfe711ff971e0e668223

    • SSDEEP

      393216:EqC2DlnfBfFZNRwSo67W+eGQRCMTozGxu8C0ibfz6eKk7M1bmXiWCNi:EcD1fBfFXR667W+e5RLoztZ026eKkiFi

    Score: 7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks