General

  • Target

    BlackHAT.exe

  • Size

    51KB

  • MD5

    d5700c41472c7b4520203ed24422cd86

  • SHA1

    6abfc54feaab58a84810f1d1c63bd43b2d8a9192

  • SHA256

    297c3bfe34c2c0e7babc29946ff38c985293f2eb0dad98836a5ac340d35c9a77

  • SHA512

    46d6037e97bb2587906feaf6e2d20e3abb5b3dcc1bf55767c7976f24ee0da952e3c4b68b29d810901cdbcd6ceee7cd73884cc3dc1a45e2a98ae9d9010ead217d

  • SSDEEP

    768:SpMN6RpwdiERAkXL45NyJuKn1pj8hhs1SDdxYu+h7yokbz:SpbpwdTn0ewKnHohm1SDdxYEokbz

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    123499

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/zwppgXcp

  • delay

    3

  • download_payload

    false

  • install

    true

  • install_name

    WindowsServices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    true

Signatures

  • Limerat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • BlackHAT.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

