General

  • Target

    1880-66-0x0000000000400000-0x000000000040E000-memory.dmp

  • Size

    56KB

  • MD5

    0c22315ba4bb9882e5d4ac515227bb87

  • SHA1

    8620ca1f2a93363da7764255e2729f724d18ae8b

  • SHA256

    38e78f817791159e651d055b665b11b3cb7a192b994b064403b3065512f0f80a

  • SHA512

    07f4aa797f976ea24edb33896f58bf7069cc538e5071b07c601b4eb21786d2e3f7a90cca296dc1260c315d3e67f76ca4a61f9769bb3d7b39ef13dd5c5c2c8f3a

  • SSDEEP

    384:kB+Sbj6NKqZE6eWrAiusIsqDyPeBd57cvDKNrCeJE3WNgVjzAzPz76tpWcbQro35:ipq26eWrpu+Pev57S45NK67TcHFj

Score
10/10

Malware Config

Extracted

Family

limerat

Wallets

bc1quxey9qaznc2p3yjkerld76m3ktpewnh7m5ahpt

Attributes
  • aes_key

    103010

  • antivm

    true

  • c2_url

    https://agleamoda.000webhostapp.com/link.html

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    true

Signatures

Files

  • 1880-66-0x0000000000400000-0x000000000040E000-memory.dmp
    .exe windows x86


    Headers

    Sections