General
Target: 102c40347d336ac6d2a49d957243d25040b6970fd54c0fb9e424c491317ce282
Size: 477KB
Sample: 220604-qg979aggc6
MD5: db656d2e27d6498ff0fe5b390c00dcd9
SHA1: e27a71fd4a9ae85806e45e3ec0f5e9e44f570bf6
SHA256: 102c40347d336ac6d2a49d957243d25040b6970fd54c0fb9e424c491317ce282
SHA512: 0612c64bd68db820799cd5d27af58e9aaff6c800e35521789d28bb528e332d53a2b614fc5cd0e881fe2cade1870589b4d524a4d93cc51fac91c05b3f07cf54bf
Static task: static1
Behavioral task: behavioral1
Sample: 102c40347d336ac6d2a49d957243d25040b6970fd54c0fb9e424c491317ce282.exe
Resource: win7-20220414-en
Malware Config
Extracted
limerat
1JBKLGyE6AnRGvk92A8x3m8qmXfh3fcEty
aes_key: nulled
antivm: true
c2_url: https://pastebin.com/raw/cXuQ0V20
delay: 33
download_payload: false
install: false
install_name: Winservices.exe
main_folder: AppData
pin_spread: false
sub_folder: \Services\
usb_spread: true
Targets
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext