limerat | New-Client[.]exe | Triage

Sharing

General

Target

New-Client.exe
Size

28KB
MD5

2d0c62fc7cc0fcddec7cdfd2b4aacbd7
SHA1

6dab1f5cb32d4c3a5f8789b07f4c2930a49d1956
SHA256

d89a56bbfa46016796046572213f98af65abdd863fef32f8eaf50ace8fb1f921
SHA512

e48f0474c68674a4907f22f89f6a6f3f074128731e5ee453e3482d22851d567055b9b49fe21b30f9c1858fa2276ec5bd34a3abe8205c530550ff4a2ea9826e53
SSDEEP

384:0B+Sbj6NKSfa6JBAHNefWXqDpOinsmsDdvDKNrCeJE3WNgOT5E/JXr4CQro3lcTR:ypSS6JBwNOOism0d45NP5211wj

Score

10^/10

limerat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
07903088
antivm
true
c2_url
https://pastebin.com/raw/J0uqtmU4
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Signatures

Limerat family
limerat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

New-Client.exe

Files

New-Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ