General
Target: SOA.exe
Size: 365KB
Sample: 211130-hj7wxaeahk
MD5: b2694f03afc0bf056d54cf6983653343
SHA1: 7abebfb8dcebe30838bc7bad49853fadfaf11e12
SHA256: 242f17b9bbfd619a8e22c2c0b4368831e4cbc1729a4d6da65aefd5d62c575aca
SHA512: 0f5435279b36771637e30be7b6a85adba8327a5f743b13f5108fcda2e7576efc82fac1d87563846949f77f2e54fef4197e41739ca636dbb30bafa10693c80fb5
Static task: static1
Behavioral task: behavioral1
  Sample: SOA.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: SOA.exe
  Resource: win10-en-20211104
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.agc.com.sa
Port: 587
Username: vijayakumar.singh@agc.com.sa
Password: admin@admin$$
Targets
Target: SOA.exe
Size: 365KB
MD5: b2694f03afc0bf056d54cf6983653343
SHA1: 7abebfb8dcebe30838bc7bad49853fadfaf11e12
SHA256: 242f17b9bbfd619a8e22c2c0b4368831e4cbc1729a4d6da65aefd5d62c575aca
SHA512: 0f5435279b36771637e30be7b6a85adba8327a5f743b13f5108fcda2e7576efc82fac1d87563846949f77f2e54fef4197e41739ca636dbb30bafa10693c80fb5
Score: 10/10
Signatures:
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext