limerat | af14ffe4c3aa39dd8b219ca3cf1757492183c5ac069b507a1d36bb4430057582 | Triage

Sharing

General

Target

new.exe
Size

851KB
Sample

200715-gkfam3ql9a
MD5

6da3f250c69c7540fc0b665bf26d9bb5
SHA1

5da0a0dee94cd2f49bba7d14402acb59d1650cd3
SHA256

af14ffe4c3aa39dd8b219ca3cf1757492183c5ac069b507a1d36bb4430057582
SHA512

1a09baf36739734d613bc537145e2de1b865790c99e0ec51525bc14931a1777be63163f527780d4579d9b59dc447102649b9797f10533753cff596ee6e0da56c

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Wallets

14dRC57Wbd8UH6Bff3LNzazwSHQHkcDPik

Attributes

aes_key
12345
antivm
false
c2_url
https://pastebin.com/raw/peS2LDTc
delay
3
download_payload
false
install
true
install_name
svchost.exe
main_folder
AppData
pin_spread
true
sub_folder
\
usb_spread
true

Targets

- Target
  
  new.exe
- Size
  
  851KB
- MD5
  
  6da3f250c69c7540fc0b665bf26d9bb5
- SHA1
  
  5da0a0dee94cd2f49bba7d14402acb59d1650cd3
- SHA256
  
  af14ffe4c3aa39dd8b219ca3cf1757492183c5ac069b507a1d36bb4430057582
- SHA512
  
  1a09baf36739734d613bc537145e2de1b865790c99e0ec51525bc14931a1777be63163f527780d4579d9b59dc447102649b9797f10533753cff596ee6e0da56c
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2