General
Target: jRPSjUSf.exe
Size: 50KB
Sample: 210722-nvfw2gnz1s
MD5: 2887c6eca27dc9a071a5c56cbaaf16cd
SHA1: de501f95cb4f87369d8e4d50f953e8c00c1f1256
SHA256: a3269daa8b505dde535e55c76d5cc76236fb45323719cb34eedf9d120caf3be1
SHA512: 1f19cb983e66938fe1ded86ddeb471e456c81d362d6fc7713ac547cca1e17306201130689e948034a68930e9788b1169e41757fcb3fb6b8dafb3e0260af6ac21
Static task: static1
Behavioral task: behavioral1
Sample: jRPSjUSf.exe
Resource: win7v20210408
Malware Config
Extracted
limerat
aes_key: admin
antivm: false
c2_url: https://pastebin.com/raw/W7rdvrw6
delay: 45
download_payload: false
install: true
install_name: windows.exe
main_folder: AppData
pin_spread: true
sub_folder: \windows\
usb_spread: false
Targets
Target: jRPSjUSf.exe
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2