General
-
Target
TRY.exe
-
Size
28KB
-
Sample
200731-b1tyqdhbex
-
MD5
ec828127c3d3d6037a22a729f410e079
-
SHA1
d39f6c1cc851cb91b5f10f0004c20aca07578fdd
-
SHA256
3dff78186451d97e6c3403b885ffb148cc7130b2b787b915041c7363feb74c68
-
SHA512
7bda81acda82a155278bae3403ab8e9f180a7785db9ee4aafeaeffc9094f23f3c9c36633b30683af408049d85b648b9beae6c4cb7ab81825b635a08c87b19ada
Static task
static1
Behavioral task
behavioral1
Sample
TRY.exe
Resource
win7
Malware Config
Extracted
limerat
-
aes_key
12345
-
antivm
false
-
c2_url
https://pastebin.com/raw/hUxcYmeR
-
delay
3
-
download_payload
false
-
install
true
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
true
Targets
-
-
Target
TRY.exe
-
Size
28KB
-
MD5
ec828127c3d3d6037a22a729f410e079
-
SHA1
d39f6c1cc851cb91b5f10f0004c20aca07578fdd
-
SHA256
3dff78186451d97e6c3403b885ffb148cc7130b2b787b915041c7363feb74c68
-
SHA512
7bda81acda82a155278bae3403ab8e9f180a7785db9ee4aafeaeffc9094f23f3c9c36633b30683af408049d85b648b9beae6c4cb7ab81825b635a08c87b19ada
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-