General
-
Target
e513eb020887dd56e85e55803b1afccb24ae116380947993da2e88a71e97be14.exe
-
Size
364KB
-
Sample
241006-nkjhlawcma
-
MD5
259572ceada05b5940a3d81727e1bbb9
-
SHA1
e2306dbbe659272bf699668ed266cd402e4d0d31
-
SHA256
e513eb020887dd56e85e55803b1afccb24ae116380947993da2e88a71e97be14
-
SHA512
d41bce00fdf7af762fb45d7a49df612de721af91461898d462d82358ad90e074539453b7b84cde9675d999534ee784258b0f14465bcf3716cd87c13405cccbcf
-
SSDEEP
6144:nyTcXNIwt7tpWseWcp/Fmo6TAoqmDGclo:nWcHobZ5TT
Behavioral task
behavioral1
Sample
e513eb020887dd56e85e55803b1afccb24ae116380947993da2e88a71e97be14.exe
Resource
win7-20240903-en
Malware Config
Extracted
limerat
15o2GcScWkMTUHBbLS2pdvaYbEAs46pEuu
-
aes_key
NadaNasser@1212
-
antivm
true
-
c2_url
https://pastebin.com/raw/YRNWGBMr
-
delay
3
-
download_payload
false
-
install
true
-
install_name
document autorisation.exe
-
main_folder
Temp
-
pin_spread
true
-
sub_folder
\folder\
-
usb_spread
true
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/YRNWGBMr
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
e513eb020887dd56e85e55803b1afccb24ae116380947993da2e88a71e97be14.exe
-
Size
364KB
-
MD5
259572ceada05b5940a3d81727e1bbb9
-
SHA1
e2306dbbe659272bf699668ed266cd402e4d0d31
-
SHA256
e513eb020887dd56e85e55803b1afccb24ae116380947993da2e88a71e97be14
-
SHA512
d41bce00fdf7af762fb45d7a49df612de721af91461898d462d82358ad90e074539453b7b84cde9675d999534ee784258b0f14465bcf3716cd87c13405cccbcf
-
SSDEEP
6144:nyTcXNIwt7tpWseWcp/Fmo6TAoqmDGclo:nWcHobZ5TT
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-