General
Target: b9ff9def3505980f5cadd14fbde03af120d975c9a602379af3dadc0b72b9c9e8
Size: 28KB
Sample: 220520-g44vbadha6
MD5: e408f9e211189586d4d923deafb308b4
SHA1: bab83e49a11631bc5ecfd39389157e1c8a7f8f85
SHA256: b9ff9def3505980f5cadd14fbde03af120d975c9a602379af3dadc0b72b9c9e8
SHA512: b383c33eb4ce0a426b27d4983a57ad4cdfc44db2dcc2bd0b4b3d5031cbefe543b65534bc517a5267a95d0de7e9da293c2441fa6bc6856e2351ce5e26268080bd
Static task: static1
Behavioral task: behavioral1
Sample: b9ff9def3505980f5cadd14fbde03af120d975c9a602379af3dadc0b72b9c9e8.exe
Resource: win7-20220414-en
Malware Config
Extracted
limerat
aes_key: Nyan
antivm: false
c2_url: https://pastebin.com/raw/vy21B6hE
delay: 3
download_payload: false
install: false
install_name: Wservices.exe
main_folder: Temp
pin_spread: false
sub_folder: \
usb_spread: false
Targets
Legitimate hosting services abused for malware hosting/C2