General
Target: 1a422b2a6288cbb50beb3c380df782bcccf7516e74fceb799d5e1b014e9fb252
Size: 578KB
Sample: 220608-eedkqabhd3
MD5: 47ecbdb0923b8a4f61cee15070166420
SHA1: 124584f17de3f288f9f3294338070df80c409186
SHA256: 1a422b2a6288cbb50beb3c380df782bcccf7516e74fceb799d5e1b014e9fb252
SHA512: f1824101e2e55c638e3c446f3bd10a9f96f20ddd5341de54c4b0afbc46efd02976bd73040724d7c75868dde6c09ca151c891fb1d825866b3e461a86900599e38
Static task: static1
Behavioral task: behavioral1
Sample: 1a422b2a6288cbb50beb3c380df782bcccf7516e74fceb799d5e1b014e9fb252.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 1a422b2a6288cbb50beb3c380df782bcccf7516e74fceb799d5e1b014e9fb252.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
limerat
359Z6KxMenwvgkA7vpGeBtinJPTj5raZz8
aes_key: arglobal
antivm: false
c2_url: https://pastebin.com/raw/CV5RHE9G
delay: 3
download_payload: false
install: false
install_name: Wservices.exe
main_folder: Temp
pin_spread: false
sub_folder: \
usb_spread: false
Targets
Target: 1a422b2a6288cbb50beb3c380df782bcccf7516e74fceb799d5e1b014e9fb252
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext