General
-
Target
officialdoc!_013_2020.exe
-
Size
225KB
-
Sample
201203-5faj5lcgts
-
MD5
084eecf7d4654a7e7f4a7c4e6044c967
-
SHA1
e481123bb8cf1a5790cbe9be9727ce37f511bda8
-
SHA256
78aa904a6d06db0ae3190ffdecda755b20e7c4dff3c8dd2061a7d35e7171d5ca
-
SHA512
7a7f5f4173667389d7736b922b6fc4576f115418d91ea47af9ec76f1261c430a1c629d01690bba41178df370a3e05d0e0b792631daab8642a515daa7fe66af5f
Malware Config
Extracted
limerat
1HWT2xVoQathmVB5JBzhBMTfTh4sZH8iqZ
-
aes_key
amanda
-
antivm
false
-
c2_url
https://pastebin.com/raw/8MC17U5q
-
delay
3
-
download_payload
true
-
install
true
-
install_name
OfficialDoc.exe
-
main_folder
Temp
-
payload_url
Downloads\xfiles.pdf
-
pin_spread
false
-
sub_folder
\
-
usb_spread
true
Targets
-
-
Target
officialdoc!_013_2020.exe
-
Size
225KB
-
MD5
084eecf7d4654a7e7f4a7c4e6044c967
-
SHA1
e481123bb8cf1a5790cbe9be9727ce37f511bda8
-
SHA256
78aa904a6d06db0ae3190ffdecda755b20e7c4dff3c8dd2061a7d35e7171d5ca
-
SHA512
7a7f5f4173667389d7736b922b6fc4576f115418d91ea47af9ec76f1261c430a1c629d01690bba41178df370a3e05d0e0b792631daab8642a515daa7fe66af5f
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-