limerat | cdee11382a227ef32c72808129deabd7deab5e5c41ed31108242e7f53e2c62d7 | Triage

Sharing

General

Target

48bae3b18af5c2c01d01a8a899383cc0.exe
Size

28KB
Sample

210525-925djxwd9x
MD5

48bae3b18af5c2c01d01a8a899383cc0
SHA1

1aca6c456d5aae801e9b5c8eb638d56aeaf578ee
SHA256

cdee11382a227ef32c72808129deabd7deab5e5c41ed31108242e7f53e2c62d7
SHA512

6d620fbcdf8897ae46947314b4da38de97f39b8fd5fe4efa9b44af80095295ecc21576588c6e0e33ff23f24c0050b6eee7f5b3c84882b8b997efa951f4b82a9f

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
1234
antivm
false
c2_url
https://pastebin.com/raw/hTv7e3sA
delay
3
download_payload
false
install
true
install_name
Registry.exe
main_folder
UserProfile
pin_spread
false
sub_folder
\Contacts\
usb_spread
true

Targets

- Target
  
  48bae3b18af5c2c01d01a8a899383cc0.exe
- Size
  
  28KB
- MD5
  
  48bae3b18af5c2c01d01a8a899383cc0
- SHA1
  
  1aca6c456d5aae801e9b5c8eb638d56aeaf578ee
- SHA256
  
  cdee11382a227ef32c72808129deabd7deab5e5c41ed31108242e7f53e2c62d7
- SHA512
  
  6d620fbcdf8897ae46947314b4da38de97f39b8fd5fe4efa9b44af80095295ecc21576588c6e0e33ff23f24c0050b6eee7f5b3c84882b8b997efa951f4b82a9f
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2