General
-
Target
HEUR-Trojan.Win32.Generic-3a7f8ed681ba28576914896ec61e91b45b7fbe561a69f57ed1c9337573a66c69.exe
-
Size
334KB
-
Sample
220927-wsk1dsebb9
-
MD5
23ceb5e125022c67b8c66cacd2d17803
-
SHA1
a0eec28de7c622645138d598e77c55eb640b7933
-
SHA256
3a7f8ed681ba28576914896ec61e91b45b7fbe561a69f57ed1c9337573a66c69
-
SHA512
9124d423455f4bbd9a44225fd988aea8ed8b4ef941b274c9bdfa565992541464c065e51b895f51b0bd1de1c09f377ff2c1c532462ea91f29e2e58a13d77c8c71
-
SSDEEP
3072:QI/0W1y4RbPNubjn1GwAEoznq1vK7rbKOtoqoO0MdSgZNz:QRky4ebxknq1cmK0ZiN
Malware Config
Targets
-
-
Target
HEUR-Trojan.Win32.Generic-3a7f8ed681ba28576914896ec61e91b45b7fbe561a69f57ed1c9337573a66c69.exe
-
Size
334KB
-
MD5
23ceb5e125022c67b8c66cacd2d17803
-
SHA1
a0eec28de7c622645138d598e77c55eb640b7933
-
SHA256
3a7f8ed681ba28576914896ec61e91b45b7fbe561a69f57ed1c9337573a66c69
-
SHA512
9124d423455f4bbd9a44225fd988aea8ed8b4ef941b274c9bdfa565992541464c065e51b895f51b0bd1de1c09f377ff2c1c532462ea91f29e2e58a13d77c8c71
-
SSDEEP
3072:QI/0W1y4RbPNubjn1GwAEoznq1vK7rbKOtoqoO0MdSgZNz:QRky4ebxknq1cmK0ZiN
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-