General
-
Target
2c94e1ac0a94aa3aa6e03f9ff33eb0f94f916b00ca0a34a4da62d113c438327f
-
Size
690KB
-
Sample
220614-19vy5sfgaj
-
MD5
2251fe3272ac42953467d3359e2733ad
-
SHA1
c87dcad0d026c13f6dcd6d5205427f7b4147984e
-
SHA256
2c94e1ac0a94aa3aa6e03f9ff33eb0f94f916b00ca0a34a4da62d113c438327f
-
SHA512
1778cef71bd98d41e280adf86920d3f5a7bf3fd9dc21d2442c894556bb409ffcb0f6d6ba4f36f0249c3eba039c427149b7a7cd910f0f46b1aa4f0831a682cf2b
Static task
static1
Behavioral task
behavioral1
Sample
2c94e1ac0a94aa3aa6e03f9ff33eb0f94f916b00ca0a34a4da62d113c438327f.exe
Resource
win7-20220414-en
Malware Config
Extracted
limerat
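359Z6KxMenwvgkA7vpGeBtinJPTj5raZz8 (field label missing in this extract; the format is consistent with a Bitcoin address — confirm against the original report)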
-
aes_key
arglobal
-
antivm
false
-
c2_url
https://pastebin.com/raw/CV5RHE9G
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Targets
-
-
Target
2c94e1ac0a94aa3aa6e03f9ff33eb0f94f916b00ca0a34a4da62d113c438327f
-
Size
690KB
-
MD5
2251fe3272ac42953467d3359e2733ad
-
SHA1
c87dcad0d026c13f6dcd6d5205427f7b4147984e
-
SHA256
2c94e1ac0a94aa3aa6e03f9ff33eb0f94f916b00ca0a34a4da62d113c438327f
-
SHA512
1778cef71bd98d41e280adf86920d3f5a7bf3fd9dc21d2442c894556bb409ffcb0f6d6ba4f36f0249c3eba039c427149b7a7cd910f0f46b1aa4f0831a682cf2b
-
Drops startup file (a file written to a Startup location, a common persistence mechanism)
-
Legitimate hosting services abused for malware hosting/C2 (the extracted c2_url above points to a pastebin.com raw paste)
-
Suspicious use of SetThreadContext (a Windows API often seen in process injection, such as process hollowing)
-