General
Target: 158bfb443a9ce4a699f2943c31ddab445147f49cd8459269e20c2a0a2f4c6e9c
Size: 595KB
Sample: 220609-hjng9sdcg8
MD5: 36a64e97c0958e5a5497d2b2201ca47b
SHA1: 926358ae52ace4b717122d799ee3b2ad31cefaf6
SHA256: 158bfb443a9ce4a699f2943c31ddab445147f49cd8459269e20c2a0a2f4c6e9c
SHA512: e1b4d339947f743d5c45566c14be293fd6c427ba0ed9c4ad3e7f275e31e58e9bfd06b442b9d6009b745e0c91d91dee4e8b83280ee68f102b3d7fc74bf3b9dda2
Static task: static1
Behavioral task: behavioral1
Sample: 158bfb443a9ce4a699f2943c31ddab445147f49cd8459269e20c2a0a2f4c6e9c.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: limerat
359Z6KxMenwvgkA7vpGeBtinJPTj5raZz8 (value present in the extracted config without a field name)
aes_key: arglobal
antivm: false
c2_url: https://pastebin.com/raw/CV5RHE9G
delay: 3
download_payload: true
install: false
install_name: Wservices.exe
main_folder: AppData
payload_url: http://23.249.161.100/zaher/zahr.exe
pin_spread: false
sub_folder: \vbc\
usb_spread: false

Reading the config: c2_url is not the C2 server itself but a Pastebin raw paste, so the sample resolves its real C2 address at run time from a dead-drop that the operator can change without rebuilding the binary; blocking or logging that URL is more durable than blocking whatever address the paste held on 2022-06-09. payload_url is a second stage (zahr.exe) fetched because download_payload is true. install is false, so the Wservices.exe copy under AppData\vbc\ is the configured persistence path rather than a guaranteed artifact, and the spreading options (pin_spread, usb_spread) and anti-VM check are disabled in this build.
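The extracted configuration is only useful once it is turned into things a defender can match on. The following Python is an added example, not part of the sandbox report or of LimeRAT itself: it copies the config values above into a dictionary, derives URL, host and drop-path indicators from them, and scans a handful of constructed proxy and process-creation log lines. The log lines, the 10.0.0.x sources and the AppData\Roaming profile layout are assumptions for illustration; the report does not say which real directory main_folder "AppData" maps to, so only the "\vbc\Wservices.exe" suffix is matched.

```python
"""Derive IOCs from the LimeRAT config extracted above and match log lines.

Added example; the config values are copied from the report, the log
lines below are constructed for this demonstration.
"""
import re
from urllib.parse import urlparse

# Values copied verbatim from the "Malware Config / Extracted" block.
LIMERAT_CONFIG = {
    "aes_key": "arglobal",
    "antivm": False,
    "c2_url": "https://pastebin.com/raw/CV5RHE9G",
    "delay": 3,
    "download_payload": True,
    "install": False,
    "install_name": "Wservices.exe",
    "main_folder": "AppData",
    "payload_url": "http://23.249.161.100/zaher/zahr.exe",
    "pin_spread": False,
    "sub_folder": "\\vbc\\",
    "usb_spread": False,
}

# How much weight a hit on each indicator kind carries. A bare hit on
# pastebin.com is weak (plenty of legitimate traffic); the full raw-paste
# URL or the payload URL is specific to this build.
CONFIDENCE = {"url": "high", "path_suffix": "high", "host": "medium"}


def build_indicators(cfg):
    """Return {"url": set, "host": set, "path_suffix": set} from a config.

    The drop path is sub_folder + install_name as the config strings
    concatenate (lower-cased, since NTFS paths are case-insensitive).
    """
    urls = {cfg["c2_url"], cfg["payload_url"]}
    hosts = {urlparse(u).hostname for u in urls}
    path_suffix = {(cfg["sub_folder"] + cfg["install_name"]).lower()}
    return {"url": urls, "host": hosts, "path_suffix": path_suffix}


def match_line(line, ind):
    """Return (kind, indicator) for the strongest hit on one line, or None."""
    low = line.lower()
    for u in ind["url"]:
        if u.lower() in low:
            return ("url", u)
    for p in ind["path_suffix"]:
        if p in low:
            return ("path_suffix", p)
    for h in ind["host"]:
        # Bound the host on both sides so "pastebin.com" does not fire on
        # "notpastebin.com" or on an IP that merely contains the same digits.
        if re.search(r"(?<![\w.-])" + re.escape(h) + r"(?![\w-])", low):
            return ("host", h)
    return None


def scan(lines, ind):
    """Scan log lines; return a list of hit dicts in line order."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = match_line(line, ind)
        if m:
            kind, indicator = m
            hits.append({"line": n, "kind": kind, "indicator": indicator,
                         "confidence": CONFIDENCE[kind]})
    return hits


# Constructed sample log lines (assumed formats, not from the report).
SAMPLE_LOGS = [
    '2022-06-09 10:01:03 proxy src=10.0.0.15 GET http://23.249.161.100/zaher/zahr.exe 200',
    '2022-06-09 10:01:05 proxy src=10.0.0.15 CONNECT pastebin.com:443 200',
    '2022-06-09 10:01:06 sysmon EventID=1 Image=C:\\Users\\bob\\AppData\\Roaming\\vbc\\Wservices.exe',
    '2022-06-09 10:02:00 proxy src=10.0.0.22 GET https://www.example.com/index.html 200',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS, build_indicators(LIMERAT_CONFIG)):
        print(hit)
```

The host-level hit on pastebin.com is deliberately reported at medium confidence: on its own it only says a machine talked to Pastebin, which is why the paste path (visible in a TLS-inspecting proxy or in the sandbox's own HTTP capture) and the download of zahr.exe are the indicators worth alerting on.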
Targets
Target: 158bfb443a9ce4a699f2943c31ddab445147f49cd8459269e20c2a0a2f4c6e9c
Size: 595KB
MD5: 36a64e97c0958e5a5497d2b2201ca47b
SHA1: 926358ae52ace4b717122d799ee3b2ad31cefaf6
SHA256: 158bfb443a9ce4a699f2943c31ddab445147f49cd8459269e20c2a0a2f4c6e9c
SHA512: e1b4d339947f743d5c45566c14be293fd6c427ba0ed9c4ad3e7f275e31e58e9bfd06b442b9d6009b745e0c91d91dee4e8b83280ee68f102b3d7fc74bf3b9dda2
Signatures:
- Drops startup file (observed in the behavioral run even though the extracted config has install set to false, so do not rely on the config flag alone when hunting for persistence)
- Legitimate hosting services abused for malware hosting/C2 (the Pastebin raw URL in the extracted config)
- Suspicious use of SetThreadContext (an API commonly used to redirect execution in another process, for example after writing a payload into a suspended process; consistent with the second-stage download in the config, though the report does not show the injected target)