Behavioral task
behavioral1
Sample
a7b1c2a715bb2f2a6358825f341bcd9e3db00164f44afae1a1e8538ebfdf3a9f.exe
Resource
win7-20240221-en
General
-
Target
a7b1c2a715bb2f2a6358825f341bcd9e3db00164f44afae1a1e8538ebfdf3a9f.exe
-
Size
126KB
-
MD5
08bae97aa3ca7a364e6bbe2aa6e8b8b6
-
SHA1
f6b7179fa8cc6a3b062c8c7b5a914c5b8f6e0312
-
SHA256
a7b1c2a715bb2f2a6358825f341bcd9e3db00164f44afae1a1e8538ebfdf3a9f
-
SHA512
ba47cc9c514627386f1f4d202b46ef182ec332db6183f4e8f5474bd13e491d91a5f7a7ee272d1d647f98ae55e553a60229100ba645c60c2e5c87b973aaf5c5a1
-
SSDEEP
3072:uewtvfrOPCNBz65/M6If+3Js+3JFkKeTn:RaqCxBt25
Malware Config
Extracted
limerat
-
aes_key
Jesus
-
antivm
false
-
c2_url
https://pastebin.com/raw/6bPeUTd1
-
delay
3
-
download_payload
false
-
install
true
-
install_name
Plugin.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\System\
-
usb_spread
true
Signatures
-
Limerat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource a7b1c2a715bb2f2a6358825f341bcd9e3db00164f44afae1a1e8538ebfdf3a9f.exe
Files
-
a7b1c2a715bb2f2a6358825f341bcd9e3db00164f44afae1a1e8538ebfdf3a9f.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ