General
-
Target
HEUR-Trojan.Win32.Generic-d456bdf29f0f73886178ad1b097a57a4de9b0e5420cc2a8a2746406500889845.exe
-
Size
330KB
-
Sample
220927-wsk1dsebc3
-
MD5
72efeddca26a5d0a789631998394a2bb
-
SHA1
8d0490107f947cd1e78c89905eede3312bc402ee
-
SHA256
d456bdf29f0f73886178ad1b097a57a4de9b0e5420cc2a8a2746406500889845
-
SHA512
344549d18f9fe37b0be7bb5610104ed1551f1e2746ce98ed4f990db52f9c9743102861e25865f6dcb0aed392899cdc4679ed29cf9a4c85e3c76737dac61af6d2
-
SSDEEP
3072:yI/0W1y4RbVFufrbjKYOPwAEoznq1vK7rbKO6oqoO0MCSgZNz:yRky4R0bDDknq1cm70QiN
Malware Config
Targets
-
-
Target
HEUR-Trojan.Win32.Generic-d456bdf29f0f73886178ad1b097a57a4de9b0e5420cc2a8a2746406500889845.exe
-
Size
330KB
-
MD5
72efeddca26a5d0a789631998394a2bb
-
SHA1
8d0490107f947cd1e78c89905eede3312bc402ee
-
SHA256
d456bdf29f0f73886178ad1b097a57a4de9b0e5420cc2a8a2746406500889845
-
SHA512
344549d18f9fe37b0be7bb5610104ed1551f1e2746ce98ed4f990db52f9c9743102861e25865f6dcb0aed392899cdc4679ed29cf9a4c85e3c76737dac61af6d2
-
SSDEEP
3072:yI/0W1y4RbVFufrbjKYOPwAEoznq1vK7rbKO6oqoO0MCSgZNz:yRky4R0bDDknq1cm70QiN
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-