Overview

overview

10

Static

static

10

jRPSjUSf.exe

windows7_x64

10

jRPSjUSf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    jRPSjUSf.exe

  • Size

    50KB

  • Sample

    210722-nvfw2gnz1s

  • MD5

    2887c6eca27dc9a071a5c56cbaaf16cd

  • SHA1

    de501f95cb4f87369d8e4d50f953e8c00c1f1256

  • SHA256

    a3269daa8b505dde535e55c76d5cc76236fb45323719cb34eedf9d120caf3be1

  • SHA512

    1f19cb983e66938fe1ded86ddeb471e456c81d362d6fc7713ac547cca1e17306201130689e948034a68930e9788b1169e41757fcb3fb6b8dafb3e0260af6ac21

Score
10/10
limeratrat

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    admin

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/W7rdvrw6

  • delay

    45

  • download_payload

    false

  • install

    true

  • install_name

    windows.exe

  • main_folder

    AppData

  • pin_spread

    true

  • sub_folder

    \windows\

  • usb_spread

    false

Targets

    • Target

      jRPSjUSf.exe

    • Size

      50KB

    • MD5

      2887c6eca27dc9a071a5c56cbaaf16cd

    • SHA1

      de501f95cb4f87369d8e4d50f953e8c00c1f1256

    • SHA256

      a3269daa8b505dde535e55c76d5cc76236fb45323719cb34eedf9d120caf3be1

    • SHA512

      1f19cb983e66938fe1ded86ddeb471e456c81d362d6fc7713ac547cca1e17306201130689e948034a68930e9788b1169e41757fcb3fb6b8dafb3e0260af6ac21

    Score
    10/10
    limeratrat

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

      ratlimerat

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks