General
-
Target
90091c8c9c69b12fe47cee45e5090bf9
-
Size
1.1MB
-
Sample
240204-yv5hxsbgfr
-
MD5
90091c8c9c69b12fe47cee45e5090bf9
-
SHA1
e7faaf6695ac2c30dbda38e576e6f50eaa04127a
-
SHA256
7d900c842228164a450c070b49db71709f73aab97f548167e79742f505e2edc7
-
SHA512
d772aeb2fc7aac1c30f0e5b4fd782b523d56c3875e40c612d24fa19e0023cee960f149b633fc98c2c2785e13d806a1fb4d32b7f29a605034acbfec54c2ebdabb
-
SSDEEP
24576:e4S/d3uKzksuksSmmRBhZfyrBvEiomcy8jh8N6ZNXZ:dKLmCZMBvEirc+N6ZNX
Static task
static1
Behavioral task
behavioral1
Sample
90091c8c9c69b12fe47cee45e5090bf9.exe
Resource
win7-20231129-en
Malware Config
Extracted
limerat
bc1q5746qkzdr628cmq4swa02lpu2mk69t0pdxdgzs
-
aes_key
Wealth1000$
-
antivm
false
-
c2_url
https://pastebin.com/raw/LF04hVta
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
true
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/LF04hVta
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
Target
90091c8c9c69b12fe47cee45e5090bf9
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-