General
Target: LavinStresser.bin.zip
Size: 1.3MB
Sample: 211020-ncxegsghg8
MD5: 4660f33c57ac7469075c160f0b3823f2
SHA1: e5d725652b399256b1cba8d4a8cd232485c45949
SHA256: b8a7c8840c7c65a0c5238f62442043e7f968d2d36bbaee8bc65a6cc10b184367
SHA512: b374bd45dbc809dd3f0062aa7358f16efa93a4fa51940a5c71eac76e73cc82da3bd41cf00672a33ddc0fb1cea14ad145c34613db9587614a4b22a6875c79ae94
Static task
static1
Behavioral task
behavioral1
Sample: LavinStresser.bin.exe
Resource: win7-en-20211014
Malware Config
Extracted
limerat
aes_key: Frago67573DARK
antivm: true
c2_url: https://pastebin.com/raw/bYeMnu8H
delay: 3
download_payload: false
install: true
install_name: Wservices.exe
main_folder: AppData
pin_spread: true
sub_folder: \Logs32\
usb_spread: false
Targets
Target: LavinStresser.bin
Size: 1.4MB
MD5: a7b2778a7e1c6be043dd7105f87da85c
SHA1: dbd9c08e83371a1b01eea6cff0c445601c4b755f
SHA256: a58ccc58f2dc5796554f00abe6516c592ffac223dedca8b39e91c4532b4601c0
SHA512: df529efaf825775d670011dc1d928edbda2b1bfca030e45aa57e0d850ccb9140bc2248ee429c22d8a0f3a3cd489c177f1ef00c128339a500688adc14bb43b2de
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2