limerat | BLTools 2[.]5[.]exe | Triage

Sharing

General

Target

BLTools 2.5.exe
Size

95KB
MD5

ea7e08be1070d80d655c888c706e0f24
SHA1

0a306cf100c098860b2af1afc850e6dc82e9a855
SHA256

066cc1f77311bb6532cd2fe87e20487dd5dac8a2b0749c85ec7b85a03acfc2b2
SHA512

c049e5ad899ea384876f6d01aa2c53738197f569b9383a49d2c6313929afede9fd555dbb4e524976867d6ad6d3cbdc8278efc9ed42ab3065a4a5e2626fccc8c2
SSDEEP

768:Jpv+6fQwT+Jty6X45Nwy1kdpI1Mr6+jN0eSvH9ZcTyrzgEhR2nsCt7CNFd7mic2g:JpPQwT0forrs5RnC9ZcKOsCtKjb+

Score

10^/10

limerat

Malware Config

Extracted

Family

limerat

Wallets

bc1q0gmdxcfwzc5wnfpk36nmvuyqnuhz775nzlassz

Attributes

aes_key
hakai
antivm
true
c2_url
https://pastebin.com/raw/U2Ffc64v
delay
3
download_payload
false
install
true
install_name
Microsoft.exe
main_folder
AppData
pin_spread
true
sub_folder
\Microsoft\
usb_spread
true

Signatures

Limerat family
limerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BLTools 2.5.exe

Files

BLTools 2.5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ