SOA.exe

General

Target: SOA.exe
Size: 848KB
Sample: 210727-1rr2ykhvqs
Score: 10/10
MD5: d9344c912365aabd84371a9af639f7d2
SHA1: b57633c65e2589e00622eb589825c72ab4ce77ff
SHA256: bf8a6acb579ba856c81bef70a2a4d8050448fa341473893cecc21d0fa34f4f65
SHA512: 4de960219fdf45939f2500b499a90aa4a00ae88276c81d5197a57113816109aad2426bcfbb50007123d664867a75f6201d66d04b3e2ba9a59a2ecbb0482eb64e

Malware Config

Extracted

Family: snakekeylogger

Credentials
Protocol: smtp
Host: smtp.mpjewellers.com
Port: 587
Username: midnapore@mpjewellers.com
Password: mpjw2013


Targets

Target: SOA.exe

Signatures

  • Snake Keylogger
    Description: Keylogger and Infostealer first seen in November 2020.

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10