limerat | Dorksearchergoldcleaned[.]exe | Triage

Sharing

General

Target

Dorksearchergoldcleaned.exe
Size

24KB
MD5

d2cafbe0dee8df78fa2928c5d3f54431
SHA1

bb9e7210d46f983c99e983042ef69c1483354a43
SHA256

e47ebff8db8445fac5e5cfa3a9cf5f3543907ac8d47066a2cbd80c00be10749d
SHA512

41f109e151e13bcb75820beb19686c95314a958dd16da63a4b3d0e6a8b722644a7b074d57b81b84be723fed5515b7b5912107633944b5158886f4eca6a825043
SSDEEP

384:v0eG+mRytj6nmBSwinqm9JmcpCd9vDuNrCeJEomNc+ro3lcbzdYDWn:JjDSwinhJmcpakeN24ZYI

Score

10^/10

limerat

Malware Config

Extracted

Family

limerat

Wallets

1Jyrji1JwM6wcv9w6E7GWRUfBt8VyAu6g1

Attributes

aes_key
elprofessor
antivm
true
c2_url
https://pastebin.com/raw/H6K0uUqr
delay
3
download_payload
true
install
true
install_name
Dork searcher gold.exe
main_folder
AppData
pin_spread
true
sub_folder
\
usb_spread
true

Signatures

Limerat family
limerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dorksearchergoldcleaned.exe

Files

Dorksearchergoldcleaned.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ