General
Target: 151f926c9c343e82fbe5b92a3d33997a3ed92f3d71b7e18665c4cdfdde47e992
Size: 221KB
Sample: 220609-j9yatscehn
MD5: 5c6cf3b4fb665a40ca0ad6d282dac06f
SHA1: 8e28d1d028e895d48010b2294add08bf10f2f808
SHA256: 151f926c9c343e82fbe5b92a3d33997a3ed92f3d71b7e18665c4cdfdde47e992
SHA512: 37a9c7059f96dcfb7de29e98de0ee149d07738577800d9f71467dbd1faf09dfecc4a07cc6d76b688c15751b587bf1efc31e0934db0e313ed4df87b08e9ce6baa
Static task: static1
Behavioral task: behavioral1
Sample: 151f926c9c343e82fbe5b92a3d33997a3ed92f3d71b7e18665c4cdfdde47e992.exe
Resource: win7-20220414-en
Malware Config
Extracted
limerat
aes_key: Admin
antivm: true
c2_url: https://pastebin.com/raw/jh5drnd9
delay: 3
download_payload: false
install: false
install_name: Wservices.exe
main_folder: Temp
pin_spread: false
sub_folder: \
usb_spread: false
Targets
Target: 151f926c9c343e82fbe5b92a3d33997a3ed92f3d71b7e18665c4cdfdde47e992
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext