Behavioral task
behavioral1
Sample
BlackHAT.exe
Resource
win7-20240903-en
General
-
Target
BlackHAT.exe
-
Size
51KB
-
MD5
d5700c41472c7b4520203ed24422cd86
-
SHA1
6abfc54feaab58a84810f1d1c63bd43b2d8a9192
-
SHA256
297c3bfe34c2c0e7babc29946ff38c985293f2eb0dad98836a5ac340d35c9a77
-
SHA512
46d6037e97bb2587906feaf6e2d20e3abb5b3dcc1bf55767c7976f24ee0da952e3c4b68b29d810901cdbcd6ceee7cd73884cc3dc1a45e2a98ae9d9010ead217d
-
SSDEEP
768:SpMN6RpwdiERAkXL45NyJuKn1pj8hhs1SDdxYu+h7yokbz:SpbpwdTn0ewKnHohm1SDdxYEokbz
Malware Config
Extracted
limerat
-
aes_key
123499
-
antivm
false
-
c2_url
https://pastebin.com/raw/zwppgXcp
-
delay
3
-
download_payload
false
-
install
true
-
install_name
WindowsServices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
true
Signatures
-
Limerat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource BlackHAT.exe
Files
-
BlackHAT.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ