General
Target: 110ef1bf1f55e400ef17c8179a25f696c4f667741b89a998ba0ea041fe53e916
Size: 562KB
Sample: 220604-lzw15aaeg7
MD5: f2530b49d6b1f37cfeee86a51765ab12
SHA1: ab3ca665581d06a8cd9bf7641833b3265888e462
SHA256: 110ef1bf1f55e400ef17c8179a25f696c4f667741b89a998ba0ea041fe53e916
SHA512: b26d5977bddf4a58f7e4ef1b33253984492627715952cd7fd5bdb42633a6956b846d05529435db26cc9bf20522a912d948df4ddf352a115c1589e50f474f0e9c
Static task: static1
Behavioral task: behavioral1
Sample: 110ef1bf1f55e400ef17c8179a25f696c4f667741b89a998ba0ea041fe53e916.exe
Resource: win7-20220414-en
Malware Config
Extracted
limerat
359Z6KxMenwvgkA7vpGeBtinJPTj5raZz8
aes_key: arglobal
antivm: false
c2_url: https://pastebin.com/raw/CV5RHE9G
delay: 3
download_payload: false
install: false
install_name: Wservices.exe
main_folder: Temp
sub_folder: \
pin_spread: false
usb_spread: false
Targets
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext