General

  • Target

    LavinStresser.bin.zip

  • Size

    1.3MB

  • Sample

    211020-ncxegsghg8

  • MD5

    4660f33c57ac7469075c160f0b3823f2

  • SHA1

    e5d725652b399256b1cba8d4a8cd232485c45949

  • SHA256

    b8a7c8840c7c65a0c5238f62442043e7f968d2d36bbaee8bc65a6cc10b184367

  • SHA512

    b374bd45dbc809dd3f0062aa7358f16efa93a4fa51940a5c71eac76e73cc82da3bd41cf00672a33ddc0fb1cea14ad145c34613db9587614a4b22a6875c79ae94

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    Frago67573DARK

  • antivm

    true

  • c2_url

    https://pastebin.com/raw/bYeMnu8H

  • delay

    3

  • download_payload

    false

  • install

    true

  • install_name

    Wservices.exe

  • main_folder

    AppData

  • pin_spread

    true

  • sub_folder

    \Logs32\

  • usb_spread

    false
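The extracted config above is already enough to derive host and network indicators for this sample: the installed copy should land at %APPDATA%\Logs32\Wservices.exe, and the c2_url is a pastebin.com raw paste rather than the final C2 endpoint, so the real controller address is whatever that paste returns and is not on this page. The following Python is an added example written for this report, not code from the sandbox or from LimeRAT itself; the proxy log lines and process-creation events are constructed, and the mapping of main_folder "AppData" to %APPDATA% is an assumption about how the RAT resolves that setting.

```python
import re
from urllib.parse import urlparse

# Values copied from the "Malware Config" section of this report.
LIMERAT_CONFIG = {
    "aes_key": "Frago67573DARK",
    "antivm": True,
    "c2_url": "https://pastebin.com/raw/bYeMnu8H",
    "delay": 3,
    "download_payload": False,
    "install": True,
    "install_name": "Wservices.exe",
    "main_folder": "AppData",
    "pin_spread": True,
    "sub_folder": "\\Logs32\\",
    "usb_spread": False,
}

# Assumption: LimeRAT's main_folder names map to these Windows folders.
# Only "AppData" is needed for this sample; the others are illustrative.
MAIN_FOLDER_ENV = {
    "AppData": "%APPDATA%",
    "Temp": "%TEMP%",
    "UserProfile": "%USERPROFILE%",
}

# Matches a raw-paste fetch on pastebin.com and captures the paste id.
PASTE_RAW = re.compile(r"https?://(?:www\.)?pastebin\.com/raw/([A-Za-z0-9]+)", re.I)


def install_path(cfg):
    """Expected on-disk path of the installed copy, or None if install=false."""
    if not cfg.get("install"):
        return None
    base = MAIN_FOLDER_ENV.get(cfg["main_folder"], "%" + cfg["main_folder"].upper() + "%")
    sub = cfg["sub_folder"].strip("\\")  # config stores it as \Logs32\
    return "\\".join(part for part in (base, sub, cfg["install_name"]) if part)


def c2_indicators(cfg):
    """Split the stage-1 C2 URL into host, path and paste id for proxy/DNS hunting."""
    url = urlparse(cfg["c2_url"])
    return {"host": url.netloc.lower(), "path": url.path,
            "paste_id": url.path.rsplit("/", 1)[-1]}


def scan_proxy_log(lines, cfg):
    """Return (line_no, paste_id, exact_match) for every raw-paste fetch.

    exact_match is True when the paste id equals the one in this sample's config;
    other raw-paste fetches are still reported because the technique (a paste
    as dead-drop resolver) is the signal, not the single id.
    """
    want = c2_indicators(cfg)["paste_id"]
    hits = []
    for n, line in enumerate(lines, 1):
        m = PASTE_RAW.search(line)
        if m:
            hits.append((n, m.group(1), m.group(1) == want))
    return hits


def scan_process_events(events, cfg):
    """Flag process-creation events whose image is the config's install path.

    Each event carries the user's real %APPDATA% so the template can be expanded
    per user before comparing (case-insensitive, as NTFS paths are).
    """
    target = install_path(cfg)
    flagged = []
    for ev in events:
        expanded = target.replace("%APPDATA%", ev["appdata"])
        if ev["image"].lower() == expanded.lower():
            flagged.append(ev["pid"])
    return flagged


# Constructed sample input (not real telemetry).
SAMPLE_PROXY_LOG = [
    "2021-10-20T10:01:02Z 10.0.0.15 GET https://pastebin.com/raw/bYeMnu8H 200",
    "2021-10-20T10:01:05Z 10.0.0.15 GET https://www.microsoft.com/ 200",
    "2021-10-20T10:02:11Z 10.0.0.22 GET https://pastebin.com/raw/AbCd1234 200",
]
SAMPLE_EVENTS = [
    {"pid": 4120, "appdata": r"C:\Users\alice\AppData\Roaming",
     "image": r"C:\Users\alice\AppData\Roaming\Logs32\Wservices.exe"},
    {"pid": 4188, "appdata": r"C:\Users\alice\AppData\Roaming",
     "image": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    print("install path :", install_path(LIMERAT_CONFIG))
    print("stage-1 C2   :", c2_indicators(LIMERAT_CONFIG))
    print("proxy hits   :", scan_proxy_log(SAMPLE_PROXY_LOG, LIMERAT_CONFIG))
    print("process hits :", scan_process_events(SAMPLE_EVENTS, LIMERAT_CONFIG))
```

Because the paste is only a dead-drop resolver, a proxy block on the single paste id is easy for the operator to rotate; the durable detection is the combination of a raw-paste fetch from a non-browser process and the AppData install path, which is why both scanners are kept separate here.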

Targets

    • Target

      LavinStresser.bin

    • Size

      1.4MB

    • MD5

      a7b2778a7e1c6be043dd7105f87da85c

    • SHA1

      dbd9c08e83371a1b01eea6cff0c445601c4b755f

    • SHA256

      a58ccc58f2dc5796554f00abe6516c592ffac223dedca8b39e91c4532b4601c0

    • SHA512

      df529efaf825775d670011dc1d928edbda2b1bfca030e45aa57e0d850ccb9140bc2248ee429c22d8a0f3a3cd489c177f1ef00c128339a500688adc14bb43b2de

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Legitimate hosting services abused for malware hosting/C2

      The c2_url in the extracted config is a pastebin.com raw paste, so the final C2 address is fetched from the paste at runtime rather than stored in the binary.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                     Count  ID
Execution             Scheduled Task                1      T1053
Persistence           Scheduled Task                1      T1053
Privilege Escalation  Scheduled Task                1      T1053
Defense Evasion       Install Root Certificate      1      T1130
Defense Evasion       Modify Registry               1      T1112
Credential Access     Credentials in Files          1      T1081
Discovery             System Information Discovery  1      T1082
Collection            Data from Local System        1      T1005
Command and Control   Web Service                   1      T1102
