limerat | ee017dc0bd6592bb873764680d56f4ee7ab5ac88354459dd6ee66e112c806dfd | Triage

Sharing

General

Target

ee017dc0bd6592bb873764680d56f4ee7ab5ac88354459dd6ee66e112c806dfd.exe
Size

28KB
Sample

210927-btgn5sfeb9
MD5

5b102acd3bec1d5bd9adee9cf64839ea
SHA1

303aa06f3d7e2963fd5bc8a49778983cc32ad648
SHA256

ee017dc0bd6592bb873764680d56f4ee7ab5ac88354459dd6ee66e112c806dfd
SHA512

048b0fccebbdc2e712177dbfb950d3d756aa813c4f8d3701168a652a9dcb8421eeae10f7dc2e1dea4af87deda06b1a5dc78f7e9eb245ad6db8a082dff848428a

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Wallets

bc1qe88ygu7xcv94gtk6wdnkhks5dpchwnvasjr4pf

Attributes

aes_key
lime
antivm
true
c2_url
https://pastebin.com/raw/d2wuKbQW
delay
4
download_payload
false
install
false
install_name
Wservices.exe
main_folder
Temp
pin_spread
true
sub_folder
\
usb_spread
true

Targets

- Target
  
  ee017dc0bd6592bb873764680d56f4ee7ab5ac88354459dd6ee66e112c806dfd.exe
- Size
  
  28KB
- MD5
  
  5b102acd3bec1d5bd9adee9cf64839ea
- SHA1
  
  303aa06f3d7e2963fd5bc8a49778983cc32ad648
- SHA256
  
  ee017dc0bd6592bb873764680d56f4ee7ab5ac88354459dd6ee66e112c806dfd
- SHA512
  
  048b0fccebbdc2e712177dbfb950d3d756aa813c4f8d3701168a652a9dcb8421eeae10f7dc2e1dea4af87deda06b1a5dc78f7e9eb245ad6db8a082dff848428a
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Loads dropped DLL
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2