General

  • Target

    Payment Copy.js

  • Size

    736KB

  • Sample

    210814-tc79165tv2

  • MD5

    d3c5964e49a3af7aa3e861b7e9f194b1

  • SHA1

    afe5b5a7bc4353603b6959c3e556261896355ca1

  • SHA256

    328c830f50d6a124333a32e574411df789afd2581956098c08500c528034697f

  • SHA512

    dde692e8788543d570c394541362fe9d47d46749c7f97b9b95e6a9508db5bc4b591d4f2c31b25445b375067266b75662bce29e4c2638671da5bf54f960cb484d

Score
10/10

Malware Config

Extracted

Family

limerat

Wallets

1Cs8MjxkXtYwkDKypg8i1Vj5nzhANpgC6y

Attributes
  • aes_key

    2249

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/G9wX4J5m

  • delay

    8

  • download_payload

    false

  • install

    true

  • install_name

    player.exe

  • main_folder

    AppData

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Targets

    • Target

      Payment Copy.js

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Ratty

      Ratty is an open source Java Remote Access Tool.

    • Ratty Rat Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
