General
Target: 2304394f01a29ed686a669cfbda920e689e146c18bca938ee37e27646c0497b9
Size: 923KB
Sample: 220612-dlhycabfar
MD5: 64fdc4f0adb61e2c9e214eedb8754c51
SHA1: 7b82469530e364f20d0e1890eb5eb6f38395f2fa
SHA256: 2304394f01a29ed686a669cfbda920e689e146c18bca938ee37e27646c0497b9
SHA512: 78824a1a898ee6fd410de2078842f03d960bac743e6b644b8df434f6c091d807ebb8ecd4dc38ce8559f887753894a69c29445b04d0cc4618cfe78fbac06e8495
Static task: static1
Behavioral task: behavioral1
Sample: 2304394f01a29ed686a669cfbda920e689e146c18bca938ee37e27646c0497b9.exe
Resource: win7-20220414-en
Malware Config
Extracted
limerat
1MbfbaoWSZmn5S9NCaT22eWc3iBAMY1KYj
aes_key: hash
antivm: false
c2_url: https://pastebin.com/raw/kvG0pZaT
delay: 3
download_payload: false
install: false
install_name: Wservices.exe
main_folder: Temp
pin_spread: false
sub_folder: \
usb_spread: false
Targets
-
-
Target
2304394f01a29ed686a669cfbda920e689e146c18bca938ee37e27646c0497b9
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-