General
- Target: SOA.exe
- Size: 848KB
- Sample: 210727-1rr2ykhvqs
- MD5: d9344c912365aabd84371a9af639f7d2
- SHA1: b57633c65e2589e00622eb589825c72ab4ce77ff
- SHA256: bf8a6acb579ba856c81bef70a2a4d8050448fa341473893cecc21d0fa34f4f65
- SHA512: 4de960219fdf45939f2500b499a90aa4a00ae88276c81d5197a57113816109aad2426bcfbb50007123d664867a75f6201d66d04b3e2ba9a59a2ecbb0482eb64e
Static task
- static1

Behavioral task
- behavioral1
- Sample: SOA.exe
- Resource: win7v20210408

Behavioral task
- behavioral2
- Sample: SOA.exe
- Resource: win10v20210410
Malware Config

Extracted
- Family: snakekeylogger
- Protocol: smtp
- Host: smtp.mpjewellers.com
- Port: 587
- Username: midnapore@mpjewellers.com
- Password: mpjw2013

Extracted
- Protocol: smtp
- Host: smtp.mpjewellers.com
- Port: 587
- Username: midnapore@mpjewellers.com
- Password: mpjw2013
Targets
- Target: SOA.exe
- Size: 848KB
- MD5: d9344c912365aabd84371a9af639f7d2
- SHA1: b57633c65e2589e00622eb589825c72ab4ce77ff
- SHA256: bf8a6acb579ba856c81bef70a2a4d8050448fa341473893cecc21d0fa34f4f65
- SHA512: 4de960219fdf45939f2500b499a90aa4a00ae88276c81d5197a57113816109aad2426bcfbb50007123d664867a75f6201d66d04b3e2ba9a59a2ecbb0482eb64e
Score: 10/10

Signatures
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext