General

  • Target

    536-67-0x0000000000400000-0x000000000040E000-memory.dmp

  • Size

    56KB

  • MD5

    1ed22821ee89b7730e45d623a30d9535

  • SHA1

    a81ffa72774cdf2f147cbc3385f3eaf143ada2c5

  • SHA256

    7437e0301eb6276c3c28dc34eabc6a7be89b1059021efcea8a96963f811c7ae9

  • SHA512

    d9e648afbc9dcf9cadf85026c0d47ed81ef0f7669a0266ac922e0f7f3a5b13c0327ec9ccc1af0246f5ea24c676710026aa5922c1650bed339d439af408ada641

  • SSDEEP

    384:kB+Sbj6NKqZE6eWrAiusIsqDyPeBd57cvDKNrCeJE3WNgVjzAzPz76tpWcbQro35:ipq26eWrpu+Pev57S45NK67TcHFj

Score
10/10

Malware Config

Extracted

Family

limerat

Wallets

bc1quxey9qaznc2p3yjkerld76m3ktpewnh7m5ahpt

Attributes
  • aes_key

    103010

  • antivm

    true

  • c2_url

    https://agleamoda.000webhostapp.com/link.html

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    true

Signatures

Files

  • 536-67-0x0000000000400000-0x000000000040E000-memory.dmp
    .exe windows x86


    Headers

    Sections