req quote.lzh

General

Target: req quote.lzh
Size: 381KB
Sample: 210727-evb4bp9932
Score: 10/10
MD5: e715d7983639ed5cd57d1d6d90814893
SHA1: 9af6b35d8ffe5d6292c2cb75b42624f8eaa783f7
SHA256: 6f7d6ab9dd45bebc793602779f132e11a28884dfc688f7710cdad670931e9864
SHA512: 74e130effec38fff553085ec2a5bfb6eb78166d57db823dd507f729efb2406a1452f501f3affdb9a72cf6b09f8b91ae5e39f69d69190ef7f403e14c8d34ce6e9

Malware Config

Extracted

Family: snakekeylogger
Credentials:
  Protocol: smtp
  Host: webmail.aquariushotelboutique.com
  Port: 25
  Username: bseriosema@aquariushotelboutique.com
  Password: 6)fvPIxcEVwT

Targets

Target: req quote.bat
MD5: 3988c73d0fe8cc854333752bc9c16413
Filesize: 547KB
Score: 10/10
SHA1: 607cf59d672fc032bcd63caa0e77b0c3a62121b9
SHA256: 78c0352da41b3c206b12ea2d8d3f96c33c361e2211437c9746629023b1f0c094
SHA512: 1ac7d447c0ce756af2bfc381dc1c8d939e0e649d76ead8da7d9abd24dee3758192a6bd0cd9bcef5e72f2df507a18a8f1bde3b89867eb17895fb0f18b0faf0744

Signatures

  • Snake Keylogger
    Description: Keylogger and infostealer first seen in November 2020.

  • Reads data files stored by FTP clients
    Description: Tries to access configuration files associated with programs like FileZilla.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk, where infostealers often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials among other items.
    TTPs: Data from Local System; Credentials in Files

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation