Analysis
-
max time kernel
149s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
15-08-2024 08:18
Behavioral task
behavioral1
Sample
New-Client.exe
Resource
win7-20240708-en
windows7-x64
4 signatures
150 seconds
General
-
Target
New-Client.exe
-
Size
239KB
-
MD5
e51d7a315e6ca6c06806440eca0cec93
-
SHA1
185628e20a9fea1a53610601c723196451945695
-
SHA256
159ed1fd896b1e1d54702ef874033f75ccea9104ce5658ce689705122141fa47
-
SHA512
fc110cbe12a5b399ea92566b164f9d36090c69122b4241c5855c7241ac9fe0a6cbf373b6f7d156f2d9d408668f4e6a17373aaccc2b1716b49a71d655c285f9ba
-
SSDEEP
3072:YZwN+/FuOiVtQboMf3GDyCWuBZxW3XBMWkv6VSi4r:4zV4GiyC5BpWDSZr
Malware Config
Extracted
Family
limerat
Attributes
-
aes_key
33333
-
antivm
false
-
c2_url
https://pastebin.com/raw/SvgU88AS
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
Family
limerat
Attributes
-
antivm
false
-
c2_url
https://pastebin.com/raw/SvgU88AS
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 22 pastebin.com 23 pastebin.com -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language New-Client.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 552 New-Client.exe Token: SeDebugPrivilege 552 New-Client.exe