General

- Target: UPDATTED SOA.exe
- Size: 1.0MB
- Sample: 221001-g267nafed9
- MD5: 7a6b0980328902701e46b0e67288b565
- SHA1: 18eece768efd6b51990336bd7d580902db79f951
- SHA256: 8c456876915598dc988732791d60ea7129c1f03f9eabd10951ce2996c9c0997f
- SHA512: e167579fbe129b819fc79581a34fc58c0fefb773ca7bc0e98b7024435cc0c8f0df7fbe86be21ecf338eedb7aeb442c8ec0a7b67a44330c1c219683f560bd168e
- SSDEEP: 12288:NikVrArSr9kMp1txX2iNoADqjJ5nmZhS/NFMWINKJmAtnn+F3ORwspu:xrArSrBv1Qjr+NoJm4+F3+A
Static task

- static1

Behavioral task

- behavioral1
  - Sample: UPDATTED SOA.exe
  - Resource: win7-20220901-en

Behavioral task

- behavioral2
  - Sample: UPDATTED SOA.exe
  - Resource: win10v2004-20220812-en
Malware Config

Extracted

- Family: snakekeylogger
- Exfiltration URL: https://api.telegram.org/bot5227573794:AAECZBnQSxLs0aOVsV2wnclC6-WKnxPpi_k/sendMessage?chat_id=5217421430
Targets

- Target: UPDATTED SOA.exe
- Size: 1.0MB
- MD5: 7a6b0980328902701e46b0e67288b565
- SHA1: 18eece768efd6b51990336bd7d580902db79f951
- SHA256: 8c456876915598dc988732791d60ea7129c1f03f9eabd10951ce2996c9c0997f
- SHA512: e167579fbe129b819fc79581a34fc58c0fefb773ca7bc0e98b7024435cc0c8f0df7fbe86be21ecf338eedb7aeb442c8ec0a7b67a44330c1c219683f560bd168e
- SSDEEP: 12288:NikVrArSr9kMp1txX2iNoADqjJ5nmZhS/NFMWINKJmAtnn+F3ORwspu:xrArSrBv1Qjr+NoJm4+F3+A
Score: 10/10

Signatures

- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext