Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
09-07-2023 16:12
Behavioral task
behavioral1
Sample
ChromiumUpdateexeexeexeex.exe
Resource
win7-20230703-en
windows7-x64
4 signatures
150 seconds
General
-
Target
ChromiumUpdateexeexeexeex.exe
-
Size
44KB
-
MD5
fda53976d89ab903557b9528cc2fb91d
-
SHA1
c42781c8328b1dbb70c3571fcadd9f674c5df333
-
SHA256
865f0c77242db6c8bc7853d56c80df25d0131978cc693fc2a05a392316cfc566
-
SHA512
7b7f0efd96a67026aea1661fee86358557b89d67ed8c96c9125a61958570e00e9cab2cc84950cdd8eb799cdc8e5f2cdc0d1c90da2b0c891920b700c203e44444
-
SSDEEP
768:TpYT6H3wjsG/YS445NoDamKOAZB6in1WjctC1iTIPYe:TpH3wj9/ZF8DHoBGgCuIP7
Malware Config
Extracted
Family
limerat
Wallets
bc1qwycfayk08cnnj2ng0emn8yeek6hkdkdvue952a
Attributes
-
aes_key
vELKIjFPTOEs91pZ1LF+7gl6DaQq5z3kH6Q5FyFhRO8/6K8Xpl7YLTgTqwUttOW5
-
antivm
false
-
c2_url
https://pastebin.com/raw/DDTVwwbu
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
true
-
sub_folder
\
-
usb_spread
true
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
ChromiumUpdateexeexeexeex.exedescription pid process Token: SeDebugPrivilege 4704 ChromiumUpdateexeexeexeex.exe Token: SeDebugPrivilege 4704 ChromiumUpdateexeexeexeex.exe