General
-
Target
10A30B9776BB8981976FE678E4538E68C8FBBB0A57F34.exe
-
Size
537KB
-
Sample
210507-9pm4s6ydze
-
MD5
e04ed1d1bfb04cb9a47a2f8b23613d3f
-
SHA1
294287a158af747c67c2d12d2359c8968ca5bdfd
-
SHA256
10a30b9776bb8981976fe678e4538e68c8fbbb0a57f34934978b3df7238be8d5
-
SHA512
207165316fa0b18d36d2989b6ece2e0c1c8b3775171f2bb97b8ecea0a5c59c37f89f5af4fa2d4b580257a3a763c40708bc92a85464d7789ea6c5cbfa1e08fcc6
Static task
static1
Behavioral task
behavioral1
Sample
10A30B9776BB8981976FE678E4538E68C8FBBB0A57F34.exe
Resource
win7v20210410
Malware Config
Extracted
limerat
1CUdxaF2Z2M9DewCbmhsJUwqDJCxMo7mcx
-
aes_key
NYAN
-
antivm
false
-
c2_url
https://pastebin.com/raw/SkZ5tGQH
-
delay
3
-
download_payload
true
-
install
true
-
install_name
update.exe
-
main_folder
AppData
-
payload_url
http://bankschannelpub.com/wp-content/upgrade/dll.exe
-
pin_spread
false
-
sub_folder
\update\
-
usb_spread
false
Extracted
oski
trafficbadassery.com/a/
Targets
-
-
Target
10A30B9776BB8981976FE678E4538E68C8FBBB0A57F34.exe
-
Size
537KB
-
MD5
e04ed1d1bfb04cb9a47a2f8b23613d3f
-
SHA1
294287a158af747c67c2d12d2359c8968ca5bdfd
-
SHA256
10a30b9776bb8981976fe678e4538e68c8fbbb0a57f34934978b3df7238be8d5
-
SHA512
207165316fa0b18d36d2989b6ece2e0c1c8b3775171f2bb97b8ecea0a5c59c37f89f5af4fa2d4b580257a3a763c40708bc92a85464d7789ea6c5cbfa1e08fcc6
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets (possible credential harvesting)
-
Legitimate hosting services abused for malware hosting/C2
-