General
-
Target
New-Client.exe
-
Size
28KB
-
MD5
2d0c62fc7cc0fcddec7cdfd2b4aacbd7
-
SHA1
6dab1f5cb32d4c3a5f8789b07f4c2930a49d1956
-
SHA256
d89a56bbfa46016796046572213f98af65abdd863fef32f8eaf50ace8fb1f921
-
SHA512
e48f0474c68674a4907f22f89f6a6f3f074128731e5ee453e3482d22851d567055b9b49fe21b30f9c1858fa2276ec5bd34a3abe8205c530550ff4a2ea9826e53
-
SSDEEP
384:0B+Sbj6NKSfa6JBAHNefWXqDpOinsmsDdvDKNrCeJE3WNgOT5E/JXr4CQro3lcTR:ypSS6JBwNOOism0d45NP5211wj
Malware Config
Extracted
limerat
-
aes_key
07903088
-
antivm
true
-
c2_url
https://pastebin.com/raw/J0uqtmU4
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Signatures
-
Limerat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource New-Client.exe
Files
-
New-Client.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ