General
- Target: 160054467ff97cc397fce9eddc6ce8a27d24320d45ccb3a8c8ba2a28ccbc6b79
- Size: 528KB
- Sample: 220609-fx5ycsaae5
- MD5: 843cf9b98774aa08fbedf337a701b330
- SHA1: 38fff437be1ea45bc006c5f4c9494fc569ea0c85
- SHA256: 160054467ff97cc397fce9eddc6ce8a27d24320d45ccb3a8c8ba2a28ccbc6b79
- SHA512: ff06a25534bc47df4ce01213fd28322897fd60df5ee9cf7347bf86df4d520283f098e39e9a76dd190c3d2a04d10d1d9561c5349d7d13c738ab824c1778ec12ab
Static task
- static1

Behavioral task
- behavioral1
- Sample: 160054467ff97cc397fce9eddc6ce8a27d24320d45ccb3a8c8ba2a28ccbc6b79.exe
- Resource: win7-20220414-en
Malware Config
Extracted family: limerat
- aes_key: dango123
- antivm: false
- c2_url: http://pastebin.com/raw/fNC8bGwb
- delay: 3
- download_payload: false
- install: false
- install_name: app.exe
- main_folder: AppData
- pin_spread: false
- sub_folder: \app\
- usb_spread: true
Targets
- Target: 160054467ff97cc397fce9eddc6ce8a27d24320d45ccb3a8c8ba2a28ccbc6b79
- Size: 528KB
- MD5: 843cf9b98774aa08fbedf337a701b330
- SHA1: 38fff437be1ea45bc006c5f4c9494fc569ea0c85
- SHA256: 160054467ff97cc397fce9eddc6ce8a27d24320d45ccb3a8c8ba2a28ccbc6b79
- SHA512: ff06a25534bc47df4ce01213fd28322897fd60df5ee9cf7347bf86df4d520283f098e39e9a76dd190c3d2a04d10d1d9561c5349d7d13c738ab824c1778ec12ab

Signatures
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext