Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
26-04-2024 11:03
Static task
static1
1 signatures
General
-
Target
70ca9f65d3c92e6c33f3675d309072d17c19813a130078fcdc13c6d058f936f8.exe
-
Size
69KB
-
MD5
ab7fa638e98debb8573b3079f3483404
-
SHA1
28e1a42d0ffc546881ec2c0047e61b26cc8eac96
-
SHA256
70ca9f65d3c92e6c33f3675d309072d17c19813a130078fcdc13c6d058f936f8
-
SHA512
72ad4054d459d5e2b620b600451d45a41cca44a8878ae0f4646f372744c7b8ab71429bbb53f71c18d82eb947b2984bb7dfea02b7d20a0721bd3349b395eaaf08
-
SSDEEP
1536:OrSaZBZzMbqFYMghINZo60+Ebg6afaI7iOgDL/e:OrSaZBZz73PYqp7ibn/e
Malware Config
Extracted
Family
limerat
Attributes
-
antivm
false
-
c2_url
https://pastebin.com/raw/0MvkFDxA
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 49 pastebin.com 50 pastebin.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2484 70ca9f65d3c92e6c33f3675d309072d17c19813a130078fcdc13c6d058f936f8.exe