General
Target: SOA.exe
Size: 367KB
Sample: 211130-hjm7haeagm
MD5: 6323ec4de1703dec9bf3f77480e24b99
SHA1: c34df01130e9ed98f6a335f21f334f282906afb7
SHA256: 7065c0e426806e2d05ea956efc6e790595163494c5f66bb30d54bef771764f9d
SHA512: aa792d6ab9ec3bc52c39318bba428cb46c6e7d6f65dfd3aa02410280fd9d98f3d747eb76d7f4e16a707a5eec2356706da7810c6d20c18915bda1a12c513fe180
Static task: static1
Behavioral task: behavioral1 (Sample: SOA.exe, Resource: win7-en-20211014)
Behavioral task: behavioral2 (Sample: SOA.exe, Resource: win10-en-20211104)
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: mail.stlwtgroup.com
Port: 587
Username: simon.ho@stlwtgroup.com
Password: Simon97292457
These are the exfiltration settings embedded in the sample: the mailbox the keylogger sends captured data to over SMTP submission (tcp/587), not credentials of the analysed host. The host, port and account are the actionable network indicators from this report.
Targets
Target: SOA.exe
Size: 367KB
MD5: 6323ec4de1703dec9bf3f77480e24b99
SHA1: c34df01130e9ed98f6a335f21f334f282906afb7
SHA256: 7065c0e426806e2d05ea956efc6e790595163494c5f66bb30d54bef771764f9d
SHA512: aa792d6ab9ec3bc52c39318bba428cb46c6e7d6f65dfd3aa02410280fd9d98f3d747eb76d7f4e16a707a5eec2356706da7810c6d20c18915bda1a12c513fe180
Score: 10/10
Signatures:
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. Because the service itself is benign, the lookup alone is weak evidence; it becomes meaningful when tied to the process that made it and to what that process does next.
- Suspicious use of SetThreadContext: an API commonly used to redirect execution of a thread in another process (for example in process hollowing). The report records the call only; it does not identify a target process.
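The two network signatures above describe a sequence rather than single events: an external-IP lookup followed by outbound SMTP submission from the same host. The following is an added example, not part of the sandbox report, showing how a detection engineer might correlate that sequence over proxy or firewall records. The log line format, the list of IP-echo hostnames, the five-minute window and the mail server names are assumptions; the log records are constructed for the example.

```python
"""Correlate an external-IP lookup with a follow-on SMTP submission.

Added example (not from the sandbox report). Flags a source host that
queries a public IP-echo service and then opens an outbound tcp/587
connection inside a short window, the sequence the behavioural
signatures describe. Record format, hostnames and window are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed list of IP-echo services; extend from your own telemetry.
IP_ECHO_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}
SUBMISSION_PORT = 587            # SMTP submission, as in the extracted config
WINDOW = timedelta(minutes=5)    # assumed correlation window

# Constructed records: "<iso timestamp> <src_ip> <process> <dst_host> <dst_port>"
SAMPLE_LOG = """\
2021-11-30T10:01:02 10.0.0.15 SOA.exe checkip.dyndns.org 80
2021-11-30T10:01:09 10.0.0.15 SOA.exe mail.example.com 587
2021-11-30T10:02:00 10.0.0.21 outlook.exe mail.example.com 587
2021-11-30T10:03:00 10.0.0.30 chrome.exe api.ipify.org 443
2021-11-30T10:40:00 10.0.0.30 outlook.exe mail.example.com 587
"""


def parse(line):
    """Split one whitespace-separated record into a dict."""
    ts, src, proc, host, port = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "proc": proc,
            "host": host.lower(), "port": int(port)}


def correlate(log_text, window=WINDOW):
    """Return (src_ip, process, echo_host, smtp_host) for every tcp/587
    connection preceded, within `window`, by an IP-echo lookup from the
    same source host. Records are sorted by time before processing."""
    events = sorted((parse(l) for l in log_text.strip().splitlines()),
                    key=lambda e: e["ts"])
    lookups = defaultdict(list)  # src_ip -> [(ts, echo_host), ...]
    hits = []
    for ev in events:
        if ev["host"] in IP_ECHO_HOSTS:
            lookups[ev["src"]].append((ev["ts"], ev["host"]))
        elif ev["port"] == SUBMISSION_PORT:
            for ts, echo in lookups[ev["src"]]:
                if timedelta(0) <= ev["ts"] - ts <= window:
                    hits.append((ev["src"], ev["proc"], echo, ev["host"]))
                    break
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG):
        print("IP lookup followed by SMTP submission:", hit)
```

Only 10.0.0.15 is reported: 10.0.0.21 never performed a lookup, and 10.0.0.30's lookup and mail connection are 37 minutes apart. Keying on the source host rather than the process keeps the rule useful when the lookup and the mail traffic come from different processes, which is what an injected payload would produce; the process name is carried along so an analyst can see whether the sender is a mail client at all.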