General
-
Target
7719ad9b0562f347fc8096f76f7a085d21c2285afee4ff1d96977be0a25868e4
-
Size
1.1MB
-
Sample
220511-cyhmnsgcgm
-
MD5
2d768a20d0d4979a7fb7d038081328b6
-
SHA1
8a25e11047af6310bfeb933cbb57d30d61e6b11d
-
SHA256
7719ad9b0562f347fc8096f76f7a085d21c2285afee4ff1d96977be0a25868e4
-
SHA512
698015ee9ed4d357f33fb0e066212d264ce8e281f79ff3aa50ada0193adb397994df83ed42d0ad2878ec0e3aed8fd1b5b5ee9ac242e1d11e6367c66ec8ca0dbf
Static task
static1
Behavioral task
behavioral1
Sample
7719ad9b0562f347fc8096f76f7a085d21c2285afee4ff1d96977be0a25868e4.exe
Resource
win7-20220414-en
Malware Config
Extracted
limerat
1JBKLGyE6AnRGvk92A8x3m8qmXfh3fcEty
-
aes_key
nulled
-
antivm
true
-
c2_url
https://pastebin.com/raw/cXuQ0V20
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Winservices.exe
-
main_folder
AppData
-
pin_spread
false
-
sub_folder
\
-
usb_spread
true
Targets
-
-
Target
7719ad9b0562f347fc8096f76f7a085d21c2285afee4ff1d96977be0a25868e4
-
Size
1.1MB
-
MD5
2d768a20d0d4979a7fb7d038081328b6
-
SHA1
8a25e11047af6310bfeb933cbb57d30d61e6b11d
-
SHA256
7719ad9b0562f347fc8096f76f7a085d21c2285afee4ff1d96977be0a25868e4
-
SHA512
698015ee9ed4d357f33fb0e066212d264ce8e281f79ff3aa50ada0193adb397994df83ed42d0ad2878ec0e3aed8fd1b5b5ee9ac242e1d11e6367c66ec8ca0dbf
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-