Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
03-06-2024 18:41
Behavioral task
behavioral1
Sample
0f28ab259bf7fcea70f4fcf53022f0062d2e81ae4073a4870c389f4ed22efc8d.exe
Resource
win7-20240221-en
windows7-x64
3 signatures
150 seconds
General
-
Target
0f28ab259bf7fcea70f4fcf53022f0062d2e81ae4073a4870c389f4ed22efc8d.exe
-
Size
28KB
-
MD5
7d56d6a7a982e07625092cc80311f54b
-
SHA1
7715c0abcef845315f52241505b9a9a63456dac3
-
SHA256
0f28ab259bf7fcea70f4fcf53022f0062d2e81ae4073a4870c389f4ed22efc8d
-
SHA512
20de93cbbe83687d6b575e67473ecffdc2ac35b1b7379d9787b6a0c9cd942e3a8e9a16e5dae61b81e3a8ce173ba80b1b0ea2a64fdf675c4365b0b8ac0f798fdc
-
SSDEEP
384:EB+Sbj6NKnZm6OiAH5iIxqDncN4v0ar7vDKNrCeJE3WNgyKP5so2iFEQro3lcGVQ:Cpno6Oiw5Kc2vxL45N7KPNFmwj
Malware Config
Extracted
Family
limerat
Attributes
-
aes_key
123
-
antivm
false
-
c2_url
https://pastebin.com/87BkkfZk
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 4 pastebin.com 5 pastebin.com -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 2340 0f28ab259bf7fcea70f4fcf53022f0062d2e81ae4073a4870c389f4ed22efc8d.exe Token: SeDebugPrivilege 2340 0f28ab259bf7fcea70f4fcf53022f0062d2e81ae4073a4870c389f4ed22efc8d.exe