34.0.0 Boulder Opal
IR
626099
CloudBasic
15:42:10
13/05/2022
SOA.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: f18604d5fc3e2930e85c403e0e80a459
SHA1: aa0517c10c333f9a9a64eba154ea915464ebf2bb
SHA256: 46584937f3c753886bb38030047dd11c73d46bf01c5e52a95118108634ee2081
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SOA.exe.log
true
MD5: 69206D3AF7D6EFD08F4B4726998856D3
SHA1: E778D4BF781F7712163CF5E2F5E7C15953E484CF
SHA256: A937AD22F9C3E667A062BA0E116672960CD93522F6997C77C00370755929BA87
C:\Windows\System32\drivers\etc\hosts
true
MD5: 6EB47C1CF858E25486E42440074917F2
SHA1: 6A63F93A95E1AE831C393A97158C526A4FA0FAAE
SHA256: 9B13A3EA948A1071A81787AAC1930B89E30DF22CE13F8FF751F31B5D83E79FFB
api.telegram.org
false
149.154.167.220
Found malware configuration
Writes to foreign memory regions
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Modifies the hosts file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Telegram RAT
Yara detected AgentTesla
Uses the Telegram API (likely for C&C communication)
Yara detected AntiVM3
Machine Learning detection for sample
Injects a PE file into a foreign process
Yara detected Generic Downloader
.NET source code contains very large array initializations
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)