General
Target: 15f4b6929cbee254d6c0e3c01ef9fea87429672c69f3d3cd7b5e660cba803417
Size: 1011KB
Sample: 220609-f4e1hsada8
MD5: 21f454b4d56bee3c48b258523e2070ab
SHA1: 954babe6641fcc124a7ad1260c41dda0b48fee18
SHA256: 15f4b6929cbee254d6c0e3c01ef9fea87429672c69f3d3cd7b5e660cba803417
SHA512: ac93e9cd32c5f1b67f4be0452896ca2066b826a58041553b1a849087d77aed3d75bd7f8175aeec94bfd465921e8dd6bf5a42ded086b8e328d197fa5df4f5a0a8
Static task: static1
Behavioral task: behavioral1
Sample: 15f4b6929cbee254d6c0e3c01ef9fea87429672c69f3d3cd7b5e660cba803417.exe
Resource: win7-20220414-en
Malware Config
Extracted
limerat
1JBKLGyE6AnRGvk92A8x3m8qmXfh3fcEty
aes_key: nulled
antivm: true
c2_url: https://pastebin.com/raw/cXuQ0V20
delay: 3
download_payload: false
install: false
install_name: Winservices.exe
main_folder: AppData
pin_spread: false
sub_folder: \Services\
usb_spread: true
Targets
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext