General
-
Target
421f9491d4c177062145f7e29974d3283e52f3cea5ceaffe2b929935b8ae2663
-
Size
1.1MB
-
Sample
220511-cykr2adeh4
-
MD5
1916196e3398af9b94d6b6dde67ece83
-
SHA1
583df5442943307e569f62602521951dbcf684d8
-
SHA256
421f9491d4c177062145f7e29974d3283e52f3cea5ceaffe2b929935b8ae2663
-
SHA512
4b82ce62419647fa23900c861a8a98b395fa04c24263d44b3ca0b31e2dc546959ab63a27de535c364e8651197b2167e27c583749381a0dda6a6fc90fe5c8940c
Static task
static1
Behavioral task
behavioral1
Sample
421f9491d4c177062145f7e29974d3283e52f3cea5ceaffe2b929935b8ae2663.exe
Resource
win7-20220414-en
Malware Config
Extracted
limerat
-
aes_key
nulled
-
antivm
true
-
c2_url
https://pastebin.com/raw/cXuQ0V20
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Winservices.exe
-
main_folder
AppData
-
pin_spread
false
-
sub_folder
\
-
usb_spread
true
Targets
-
-
Target
421f9491d4c177062145f7e29974d3283e52f3cea5ceaffe2b929935b8ae2663
-
Size
1.1MB
-
MD5
1916196e3398af9b94d6b6dde67ece83
-
SHA1
583df5442943307e569f62602521951dbcf684d8
-
SHA256
421f9491d4c177062145f7e29974d3283e52f3cea5ceaffe2b929935b8ae2663
-
SHA512
4b82ce62419647fa23900c861a8a98b395fa04c24263d44b3ca0b31e2dc546959ab63a27de535c364e8651197b2167e27c583749381a0dda6a6fc90fe5c8940c
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-