limerat | BlackSkullV2[.]exe | Triage

Sharing

General

Target

BlackSkullV2.exe
Size

51KB
MD5

07eabc6db5de229a160ef35ef2520b93
SHA1

2000b5046d2cfe5efe9ef9fe2c781a0e2362cb59
SHA256

f045fb1743e8dc5132304b897f9582ddf01881d76b3d34af97a5114157c1ed5e
SHA512

e4ebd9577a2f6e2e41d9214dce243d63bee6f4e98562df659647b5e37fd16c9624ae7068607563e55314f40a10be7d5dd3c22875446b69b6b5b182edc2118ec4
SSDEEP

1536:kp8nwtTplnav3iWvSLkhm1SDdxYEokbz:O+wtTpln9oeqdaEf

Score

10^/10

limerat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
123499
antivm
false
c2_url
https://pastebin.com/raw/zwppgXcp
delay
3
download_payload
false
install
false
install_name
WindowsServices.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Signatures

Limerat family
limerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BlackSkullV2.exe

Files

BlackSkullV2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ