General
-
Target
48bae3b18af5c2c01d01a8a899383cc0.exe
-
Size
28KB
-
Sample
210525-925djxwd9x
-
MD5
48bae3b18af5c2c01d01a8a899383cc0
-
SHA1
1aca6c456d5aae801e9b5c8eb638d56aeaf578ee
-
SHA256
cdee11382a227ef32c72808129deabd7deab5e5c41ed31108242e7f53e2c62d7
-
SHA512
6d620fbcdf8897ae46947314b4da38de97f39b8fd5fe4efa9b44af80095295ecc21576588c6e0e33ff23f24c0050b6eee7f5b3c84882b8b997efa951f4b82a9f
Static task
static1
Behavioral task
behavioral1
Sample
48bae3b18af5c2c01d01a8a899383cc0.exe
Resource
win7v20210410
Malware Config
Extracted
limerat
-
aes_key
1234
-
antivm
false
-
c2_url
https://pastebin.com/raw/hTv7e3sA
-
delay
3
-
download_payload
false
-
install
true
-
install_name
Registry.exe
-
main_folder
UserProfile
-
pin_spread
false
-
sub_folder
\Contacts\
-
usb_spread
true
Targets
-
-
Target
48bae3b18af5c2c01d01a8a899383cc0.exe
-
Size
28KB
-
MD5
48bae3b18af5c2c01d01a8a899383cc0
-
SHA1
1aca6c456d5aae801e9b5c8eb638d56aeaf578ee
-
SHA256
cdee11382a227ef32c72808129deabd7deab5e5c41ed31108242e7f53e2c62d7
-
SHA512
6d620fbcdf8897ae46947314b4da38de97f39b8fd5fe4efa9b44af80095295ecc21576588c6e0e33ff23f24c0050b6eee7f5b3c84882b8b997efa951f4b82a9f
-
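Executes dropped EXE (likely the installed copy: the extracted config has install = true, install_name Registry.exe, main_folder UserProfile and sub_folder \Contacts\; the dropped file's full path is not shown on this page)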
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2 (consistent with the extracted c2_url, which is a raw paste on pastebin.com)
-