General
Target: 9076b1f904d3f53fcad6a38b7852ed9cb08905f71560dde89db1026c839b77bd
Size: 447KB
Sample: 220510-bqt53aeef8
MD5: 59aa84cf2e843581002f74710e77dc9e
SHA1: 1115bc89c2b32ebe0897a0dfad12fb73b63d686c
SHA256: 9076b1f904d3f53fcad6a38b7852ed9cb08905f71560dde89db1026c839b77bd
SHA512: 76cdfd5669f9f82414c12dbfec251009cb453d0ceaa95486bb86bf5311f64f50ad7dcdc151954fdb953049f966d86c6ca14dbfc14947c72776c3d44c69dab42a
Static task: static1
Malware Config
Extracted: limerat
12Y8dNBQJHaFWsRnKLnYp3kJff6SmrDAaR
aes_key: beodz
antivm: false
c2_url: https://pastebin.com/raw/nEZ87Pwx
delay: 3
download_payload: false
install: true
install_name: winlogins.exe
main_folder: AppData
pin_spread: false
sub_folder: \AppData\Windows Protector\
usb_spread: false
Targets
Target: 9076b1f904d3f53fcad6a38b7852ed9cb08905f71560dde89db1026c839b77bd
- XMRig Miner Payload
- Blocklisted process makes network request
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2