limerat | 2192-2-0x00000000001C0000-0x00000000001CC000-memory[.]dmp | Triage

Sharing

General

Target

2192-2-0x00000000001C0000-0x00000000001CC000-memory.dmp
Size

48KB
MD5

c20c648c76065d7a425c06c78582d36b
SHA1

2dc519f290b3ce875a0d4116f7f78e8725a6f054
SHA256

c1dffe77b69ec5b8391248b6bf4298c54c94d9a1c01981c9f1716f334fb68db6
SHA512

05114d2fded1b7cba6f4248fd91e093a8fa77c4dd51e146732ac7359773423189da0e2ca70ae111279fb938b90129bc7fc01da1bbf7186fcffaafc15662f780a
SSDEEP

768:0ekMvI8QaB4oiErJ9QpYDdFMgdUU+dwHo:0xQ8ErfQpYnsU+d

Score

10^/10

limerat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
NKHUB
antivm
true
c2_url
https://pastebin.com/raw/K6zz3eth
delay
3
download_payload
false
install
true
install_name
svchost.exe
main_folder
Temp
pin_spread
false
sub_folder
\OdlaçddApdad\
usb_spread
true

Signatures

Limerat family
limerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2192-2-0x00000000001C0000-0x00000000001CC000-memory.dmp

Files

2192-2-0x00000000001C0000-0x00000000001CC000-memory.dmp
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ