General
-
Target
ab7b41c231ff2cfd4f9befca2ce8af7478848a956efbbbd534283e549580acd0
-
Size
845KB
-
Sample
220520-2shsxsahgq
-
MD5
c29b3a45fa82325fc62f03f2da1e2975
-
SHA1
2655cc45ccabc43db6791cd57080b1be3a84a775
-
SHA256
ab7b41c231ff2cfd4f9befca2ce8af7478848a956efbbbd534283e549580acd0
-
SHA512
5baaaef6460890762441cbad946031809f2754b8fea363ed0a90267cb0a026ffdb9d686d51cd96010c6d7d82b8f9e2755eff9903c61cb0bc79d04fdb90bbf6ae
Static task
static1
Behavioral task
behavioral1
Sample
ab7b41c231ff2cfd4f9befca2ce8af7478848a956efbbbd534283e549580acd0.exe
Resource
win7-20220414-en
Malware Config
Extracted
limerat
-
aes_key
NYANCAT
-
antivm
false
-
c2_url
https://pastebin.com/raw/RScXPXsx
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Server.exe
-
main_folder
AppData
-
pin_spread
false
-
sub_folder
\Mail-Server\
-
usb_spread
false
Targets
-
-
Target
ab7b41c231ff2cfd4f9befca2ce8af7478848a956efbbbd534283e549580acd0
-
Size
845KB
-
MD5
c29b3a45fa82325fc62f03f2da1e2975
-
SHA1
2655cc45ccabc43db6791cd57080b1be3a84a775
-
SHA256
ab7b41c231ff2cfd4f9befca2ce8af7478848a956efbbbd534283e549580acd0
-
SHA512
5baaaef6460890762441cbad946031809f2754b8fea363ed0a90267cb0a026ffdb9d686d51cd96010c6d7d82b8f9e2755eff9903c61cb0bc79d04fdb90bbf6ae
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-