General
Target: d086a31a44909d927eb3749efeda5e4eb46fbcd31994f1e2ed67e5b158e9e6df
Size: 752KB
Sample: 220520-dhagsshedn
MD5: 65a3a6fa5112e1cec737ea422634d690
SHA1: 312fcbab630d9cb957fbde73e5f29f276d887640
SHA256: d086a31a44909d927eb3749efeda5e4eb46fbcd31994f1e2ed67e5b158e9e6df
SHA512: 8814074f01d14e243b250436fdd91ebcf89cbe55e870c6a597417feeaf176dc5ff8b670eff5d79a5156215082278af40ca0b47421f3fadb4189b8f51fef8132d
Static task: static1
Behavioral task: behavioral1
Sample: d086a31a44909d927eb3749efeda5e4eb46fbcd31994f1e2ed67e5b158e9e6df.exe
Resource: win7-20220414-en
Malware Config
Extracted
limerat
1JBKLGyE6AnRGvk92A8x3m8qmXfh3fcEty
aes_key: nulled
antivm: true
c2_url: https://pastebin.com/raw/LPVnm7Lu
delay: 3
download_payload: false
install: false
install_name: Monitor.exe
main_folder: AppData
pin_spread: false
sub_folder: \
usb_spread: true
Targets
Modifies system executable filetype association

Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext