limerat | CandyDDoser-15[.]4[.]1-relase[.]exe | Triage

Sharing

General

Target

CandyDDoser-15.4.1-relase.exe
Size

48KB
MD5

a6afa66b8e30978a4332ce1eccfea5d4
SHA1

6c1cd4bd94511bfd5a9077647f7997c199bafaf5
SHA256

a6927bd04276913b77a3a3d34ed38b8e6f8d2e94c8aacb0a7c5e8f8e3510bb3e
SHA512

5851a1359ad23d851d59a28f3fda93a6bb25daf5dfc1c2c7f6a2f71f9a12bfe62c7420f94aa33fa298a02e0c2e4b3c37e5732fab9a48352a81f2bb9a98d444fe
SSDEEP

768:KpgO6PTwdAxZdEayM45NtP0/JCGjDYSvsMMq6n81i9UL5HdwYw:KpATwdM6LxBwHfYNMMq62i9EH

Score

10^/10

limerat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
ewewasdgh
antivm
true
c2_url
https://pastebin.com/raw/hj9UaNnk
delay
3
download_payload
false
install
true
install_name
CandyDDoser-15.4.1-relase.exe
main_folder
AppData
pin_spread
true
sub_folder
\VoiceMod\
usb_spread
true

Signatures

Limerat family
limerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CandyDDoser-15.4.1-relase.exe

Files

CandyDDoser-15.4.1-relase.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ