General
Target: bf4cd2f5d664e2a8d60f411dce8359b6.exe
Size: 190KB
Sample: 220521-t5nkyaddfp
MD5: bf4cd2f5d664e2a8d60f411dce8359b6
SHA1: 1f6dce3eaef268dc95e1c61bcda025a5f46bc5ef
SHA256: 57638abb65ee04cbd560abcddb83414f992551282310ed4659c74b0687027092
SHA512: 437bf91698dbd44fde048bcf0ea8c91c56eea0693e45a79c8079c6e5ecdc61c82ac28190dd767e87e5e047877a345ed1fc3db7a09ca45a03805877bda1396890
Static task: static1
Behavioral task: behavioral1
Sample: bf4cd2f5d664e2a8d60f411dce8359b6.exe
Resource: win7-20220414-en
Malware Config
Extracted: limerat
bc1quxey9qaznc2p3yjkerld76m3ktpewnh7m5ahpt
aes_key: 103010
antivm: true
c2_url: https://agleamoda.000webhostapp.com/link.html
delay: 3
download_payload: false
install: false
install_name: Wservices.exe
main_folder: Temp
pin_spread: false
sub_folder: \
usb_spread: true
Targets
Target: bf4cd2f5d664e2a8d60f411dce8359b6.exe
Size: 190KB
MD5: bf4cd2f5d664e2a8d60f411dce8359b6
SHA1: 1f6dce3eaef268dc95e1c61bcda025a5f46bc5ef
SHA256: 57638abb65ee04cbd560abcddb83414f992551282310ed4659c74b0687027092
SHA512: 437bf91698dbd44fde048bcf0ea8c91c56eea0693e45a79c8079c6e5ecdc61c82ac28190dd767e87e5e047877a345ed1fc3db7a09ca45a03805877bda1396890
Signatures:
- Modifies system executable filetype association
- Neshta: malware from the Neshta family infects other executable files in order to spread itself and cause damage.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext