General
Target: req quote.lzh
Size: 381KB
Sample: 210727-evb4bp9932
MD5: e715d7983639ed5cd57d1d6d90814893
SHA1: 9af6b35d8ffe5d6292c2cb75b42624f8eaa783f7
SHA256: 6f7d6ab9dd45bebc793602779f132e11a28884dfc688f7710cdad670931e9864
SHA512: 74e130effec38fff553085ec2a5bfb6eb78166d57db823dd507f729efb2406a1452f501f3affdb9a72cf6b09f8b91ae5e39f69d69190ef7f403e14c8d34ce6e9
Static task: static1
Behavioral task: behavioral1
  Sample: req quote.bat.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: req quote.bat.exe
  Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: webmail.aquariushotelboutique.com
Port: 25
Username: bseriosema@aquariushotelboutique.com
Password: 6)fvPIxcEVwT
Targets
Target: req quote.bat
Size: 547KB
MD5: 3988c73d0fe8cc854333752bc9c16413
SHA1: 607cf59d672fc032bcd63caa0e77b0c3a62121b9
SHA256: 78c0352da41b3c206b12ea2d8d3f96c33c361e2211437c9746629023b1f0c094
SHA512: 1ac7d447c0ce756af2bfc381dc1c8d939e0e649d76ead8da7d9abd24dee3758192a6bd0cd9bcef5e72f2df507a18a8f1bde3b89867eb17895fb0f18b0faf0744
Score: 10/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext