General
-
Target
d6955d8ae626ce1f4f2ca6f0a40805b9a14d6837e68083233944f0565bd855e1
-
Size
1.1MB
-
Sample
221130-s7ekdadc45
-
MD5
cc166b3ea155fd47e3380f79d66e982e
-
SHA1
e66dcd125112794858f360172e937691657ca098
-
SHA256
d6955d8ae626ce1f4f2ca6f0a40805b9a14d6837e68083233944f0565bd855e1
-
SHA512
296252cd91831cc1cb75342a209f8ee5b8cde55edd06bc8c842d2c478459c485a990a3bf6d6fc0ef4031cd336088ac12a33ec10cb487a11b5548aa87d7d94a13
-
SSDEEP
24576:SAHnh+eWsN3skA4RV1Hom2KXMmHaas+nsm1ZOGP5:Vh+ZkldoPK8YaaBvZO2
Static task
static1
Behavioral task
behavioral1
Sample
d6955d8ae626ce1f4f2ca6f0a40805b9a14d6837e68083233944f0565bd855e1.exe
Resource
win7-20221111-en
Malware Config
Extracted
limerat
1JBKLGyE6AnRGvk92A8x3m8qmXfh3fcEty
-
aes_key
nulled
-
antivm
true
-
c2_url
https://pastebin.com/raw/cXuQ0V20
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Winservices.exe
-
main_folder
AppData
-
pin_spread
false
-
sub_folder
\Services\
-
usb_spread
true
Targets
-
-
Target
d6955d8ae626ce1f4f2ca6f0a40805b9a14d6837e68083233944f0565bd855e1
-
Size
1.1MB
-
MD5
cc166b3ea155fd47e3380f79d66e982e
-
SHA1
e66dcd125112794858f360172e937691657ca098
-
SHA256
d6955d8ae626ce1f4f2ca6f0a40805b9a14d6837e68083233944f0565bd855e1
-
SHA512
296252cd91831cc1cb75342a209f8ee5b8cde55edd06bc8c842d2c478459c485a990a3bf6d6fc0ef4031cd336088ac12a33ec10cb487a11b5548aa87d7d94a13
-
SSDEEP
24576:SAHnh+eWsN3skA4RV1Hom2KXMmHaas+nsm1ZOGP5:Vh+ZkldoPK8YaaBvZO2
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-