General
-
Target
SOA(12323).exe
-
Size
770KB
-
Sample
230125-nzkzzahe5s
-
MD5
70cbe946ce455bc38c630348cf08fcac
-
SHA1
289dd1babdd5efe719a7336eb7a14c8eb2669008
-
SHA256
85913d4430d1da9a29e295d98d21997c90edf6d3dea08c709c81e5c8302c3e0f
-
SHA512
b7cf4f88f0e9456a2d76463b63ea2931715d67357958e488fae9b5152ae7b9f7e6b4d06fda18cb7e4502d5808bbbc81e06414cc2aecff31bb9b422a3e56d3818
-
SSDEEP
24576:axEO7Z61GF5nqVGlxiYhSuy1IB74GrORG:YZ6wF5qMI1uBB74GiRG
Static task
static1
Behavioral task
behavioral1
Sample
SOA(12323).exe
Resource
win7-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: mail.smpp.com.my
Port: 587
Username: ahsapari@smpp.com.my
Password: abah740102
Targets
-
Target
SOA(12323).exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-