Analysis
-
max time kernel
69s -
max time network
76s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
13-06-2024 21:23
Behavioral task
behavioral1
Sample
New-Client.exe
Resource
win7-20240508-en
windows7-x64
3 signatures
150 seconds
General
-
Target
New-Client.exe
-
Size
28KB
-
MD5
62476bdfc44e71fce7aa9bf3889c8be2
-
SHA1
99e9e9f44f4df8afb067041ef3f7fcf4cf271cdd
-
SHA256
5f0d9a45a4ff8b2b228f955970d29801d23c4129d9e7415223498869f1c3c5d4
-
SHA512
467d631a25160f11b66392fa024fee054758dd2fc9800867748021dff69bc6046eabd4cc195e0a87debb72ab236d4f75af996c2c5503d1566275523359dde223
-
SSDEEP
384:YB+Sbj6NKGnD6N9AHNkApEqDFFftpTzvDKNrCeJE3WNgMY/rKqnZw9L/L1WVIhda:GpGD6N9wNBf3Tz45NC/rLnZwdLxGj
Malware Config
Extracted
Family
limerat
Attributes
-
aes_key
yes
-
antivm
false
-
c2_url
https://pastebin.com/raw/8mi2eAWW
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow ioc 14 pastebin.com 15 pastebin.com 2 pastebin.com 7 pastebin.com 12 pastebin.com -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 4020 New-Client.exe Token: SeDebugPrivilege 4020 New-Client.exe