General
-
Target
067eb1294e4dd4b17b802236519c2147a4f3ba91cdcadd45a9bf8b3f6e2b742c
-
Size
169KB
-
Sample
220531-gkrqmsgaf5
-
MD5
7b955932e068086f5684a1fa06144746
-
SHA1
51f7a62e2055a75dce2a4e2703b9de218b776b52
-
SHA256
067eb1294e4dd4b17b802236519c2147a4f3ba91cdcadd45a9bf8b3f6e2b742c
-
SHA512
018dcd40c7663c3bc9ece1e27fb5ab78cfa7d1f0d5aa606a7d87ceacd8fb7be5b0bb4f9ed80247ff8629210c94833b82a6f8d88384719bc03d75a2ba41e5b12c
Static task
static1
Behavioral task
behavioral1
Sample
067eb1294e4dd4b17b802236519c2147a4f3ba91cdcadd45a9bf8b3f6e2b742c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
067eb1294e4dd4b17b802236519c2147a4f3ba91cdcadd45a9bf8b3f6e2b742c.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
limerat
-
aes_key
pysenuu
-
antivm
false
-
c2_url
https://pastebin.com/raw/smgAS6SG
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Targets
-
-
Target
067eb1294e4dd4b17b802236519c2147a4f3ba91cdcadd45a9bf8b3f6e2b742c
-
Score
10/10
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-