limerat | a7b1c2a715bb2f2a6358825f341bcd9e3db00164f44afae1a1e8538ebfdf3a9f[.]exe | Triage

Sharing

General

Target

a7b1c2a715bb2f2a6358825f341bcd9e3db00164f44afae1a1e8538ebfdf3a9f.exe
Size

126KB
MD5

08bae97aa3ca7a364e6bbe2aa6e8b8b6
SHA1

f6b7179fa8cc6a3b062c8c7b5a914c5b8f6e0312
SHA256

a7b1c2a715bb2f2a6358825f341bcd9e3db00164f44afae1a1e8538ebfdf3a9f
SHA512

ba47cc9c514627386f1f4d202b46ef182ec332db6183f4e8f5474bd13e491d91a5f7a7ee272d1d647f98ae55e553a60229100ba645c60c2e5c87b973aaf5c5a1
SSDEEP

3072:uewtvfrOPCNBz65/M6If+3Js+3JFkKeTn:RaqCxBt25

Score

10^/10

limerat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
Jesus
antivm
false
c2_url
https://pastebin.com/raw/6bPeUTd1
delay
3
download_payload
false
install
true
install_name
Plugin.exe
main_folder
Temp
pin_spread
false
sub_folder
\System\
usb_spread
true

Signatures

Limerat family
limerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
a7b1c2a715bb2f2a6358825f341bcd9e3db00164f44afae1a1e8538ebfdf3a9f.exe

Files

a7b1c2a715bb2f2a6358825f341bcd9e3db00164f44afae1a1e8538ebfdf3a9f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ