General
Target: 6ef26da1b60b7ded9865e30a03062796.exe
Size: 268KB
Sample: 220608-wdevtsabgk
MD5: 6ef26da1b60b7ded9865e30a03062796
SHA1: 69022e9ac2104e3d0d61d916e485b39e0fdf9868
SHA256: eb2ecf4e69565b73a8d8e0e482720d4cd53da84a12a4bbc3614ae8a140e9cec4
SHA512: d22477daf5597d2c7d5e5432a29393eb1e1ccaf5f1f30dd39e910552cdd65dde206121dc0ad42c58f71c74975d66c3b48335a5e5963529110eed8c6d7e184bb5
Static task: static1
Behavioral task: behavioral1
Sample: 6ef26da1b60b7ded9865e30a03062796.exe
Resource: win7-20220414-en
Malware Config
Extracted
limerat
aes_key: Admin
antivm: false
c2_url: https://pastebin.com/raw/FkvEmWML
delay: 3
download_payload: false
install: true
install_name: svhost.exe
main_folder: UserProfile
pin_spread: false
sub_folder: \
usb_spread: true
Targets
Target: 6ef26da1b60b7ded9865e30a03062796.exe
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext