Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
01-05-2024 12:11
Behavioral task
behavioral1
Sample
67071B5DA1FB59324066982123ED7F68.exe
Resource
win7-20231129-en
windows7-x64
4 signatures
150 seconds
General
-
Target
67071B5DA1FB59324066982123ED7F68.exe
-
Size
28KB
-
MD5
67071b5da1fb59324066982123ed7f68
-
SHA1
69dd9ef68544298fefc72ea1d9fbd363049d23b3
-
SHA256
d938672b5d4f3a25c48474597752ff5f8af36472802a2c6767b2e7dd18506c71
-
SHA512
7a9397b74550fe437849dbb88de5662e4750a96a07eff5684776c8f7400239419916770f158ebeab08c9b94bd6f8ed6c0e3bf80a6fbdfbc9db07ae2beb96122e
-
SSDEEP
384:eB+Sbj6NKWh8/6DfAH94WOqDiGyChhVX7xAvDKNrCeJE3WNgPQXZxx+Jjvf9/H2S:UpWK/6Dfw9OGyChhx7xu45NXGrdNpj
Malware Config
Extracted
Family
limerat
Attributes
-
aes_key
X9twY2806eGrw9+Sl098AQ==
-
antivm
false
-
c2_url
https://pastebin.com/raw/ZwyPz8sa
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
flow ioc 7 pastebin.com 17 pastebin.com 19 pastebin.com 20 pastebin.com 22 pastebin.com 4 pastebin.com 14 pastebin.com 16 pastebin.com 18 pastebin.com 21 pastebin.com -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 2980 67071B5DA1FB59324066982123ED7F68.exe Token: SeDebugPrivilege 2980 67071B5DA1FB59324066982123ED7F68.exe