limerat | 9e416d0dbd3c5dc595ed19abafef21b70c10093c82d2ea57fe19ac0a9abb01af | Triage

Sharing

General

Target

9e416d0dbd3c5dc595ed19abafef21b70c10093c82d2ea57fe19ac0a9abb01af
Size

28KB
MD5

e3c80bd4160a930c6a18814bd404f114
SHA1

ba054718db83cb3bc88cbffc0e744f970284012a
SHA256

9e416d0dbd3c5dc595ed19abafef21b70c10093c82d2ea57fe19ac0a9abb01af
SHA512

44e1555c5676e7e861a7156cc6c1d0a1d2c07596445f6d468b26311220b398b521b6ebe09b61abdebfc63f1d358b2ddd18a8f079dea88398696587f511814ea3
SSDEEP

384:dB+Sbj6NKaxg67XAHtyfneqDh4Xe83/vDKNrCeJE3WNgcJZZ+/2Gbt8VQro3lcQD:3pay67Xwt6P83345NL82Gbt89Fj

Score

10^/10

limerat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
987
antivm
false
c2_url
https://pastebin.com/raw/4n5d3XEf
delay
3
download_payload
false
install
true
install_name
system11.exe
main_folder
AppData
pin_spread
true
sub_folder
\Microsoft\
usb_spread
true

Signatures

Limerat family
limerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9e416d0dbd3c5dc595ed19abafef21b70c10093c82d2ea57fe19ac0a9abb01af

Files

9e416d0dbd3c5dc595ed19abafef21b70c10093c82d2ea57fe19ac0a9abb01af
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ