General
Target: UPDATTED SOA.zip
Size: 577KB
Sample: 221002-qyh54aafdp
MD5: afeb630b76eccf18d6c4ad396f8f55e7
SHA1: 6131617ad4d77da7e0832f8757e332aa686d7c45
SHA256: 52ad6d72fe71e037848ecdb2b349e125aca3982353b82e70e179dc2c61122c85
SHA512: 822a9a0c0ffb4d0e2a756f78f576573e2b5ba8940421a0ced6d8fa06541c554561532f6aaadfde97f1e9a1cfd35a5d6b7369805cbdd715db6de2f1eb83a51dbb
SSDEEP: 12288:8ReNpZPg2iP3XZqzrqn2ZjS9NJoW0BEJMAFjn+F3GRwSpt:8RexI1PX8zeuRmJMQ+F3gP
Static task: static1
Behavioral task: behavioral1
  Sample: UPDATTED SOA.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: UPDATTED SOA.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: snakekeylogger
  https://api.telegram.org/bot5227573794:AAECZBnQSxLs0aOVsV2wnclC6-WKnxPpi_k/sendMessage?chat_id=5217421430
Targets
Target: UPDATTED SOA.exe
Size: 1.0MB
MD5: 7a6b0980328902701e46b0e67288b565
SHA1: 18eece768efd6b51990336bd7d580902db79f951
SHA256: 8c456876915598dc988732791d60ea7129c1f03f9eabd10951ce2996c9c0997f
SHA512: e167579fbe129b819fc79581a34fc58c0fefb773ca7bc0e98b7024435cc0c8f0df7fbe86be21ecf338eedb7aeb442c8ec0a7b67a44330c1c219683f560bd168e
SSDEEP: 12288:NikVrArSr9kMp1txX2iNoADqjJ5nmZhS/NFMWINKJmAtnn+F3ORwspu:xrArSrBv1Qjr+NoJm4+F3+A
Score: 10/10
Signatures:
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext