f389bcaede3b4275e90f2d9ff0e50a57

General
Target

f389bcaede3b4275e90f2d9ff0e50a57

Size

42KB

Sample

211021-skk4msbchn

Score
10 /10
MD5

f389bcaede3b4275e90f2d9ff0e50a57

SHA1

b5b8d733ef241a5e57b53c8e809dd5629d4e2a31

SHA256

46de87ee14fc89de41df979d9de14bd223dbd109d7f9c04eda2641091d6d005b

SHA512

36ee862ec5f7c401b990f6bcde85bcbf48237729a4cef53c44a73bed461810107142e770e458f598ff8e08f69f295bf0314e4001d6c6d247052de82beadbb79c

Malware Config
Targets
Target

f389bcaede3b4275e90f2d9ff0e50a57

MD5

f389bcaede3b4275e90f2d9ff0e50a57

Filesize

42KB

Score
10/10
SHA1

b5b8d733ef241a5e57b53c8e809dd5629d4e2a31

SHA256

46de87ee14fc89de41df979d9de14bd223dbd109d7f9c04eda2641091d6d005b

SHA512

36ee862ec5f7c401b990f6bcde85bcbf48237729a4cef53c44a73bed461810107142e770e458f598ff8e08f69f295bf0314e4001d6c6d247052de82beadbb79c

Tags

Signatures

  • LimeRAT

    Description

    Simple yet powerful RAT for Windows machines written in .NET.

    Tags

  • Modifies Windows Defender Real-time Protection settings

    Tags

    TTPs

    Modify RegistryModify Existing ServiceDisabling Security Tools
  • Turns off Windows Defender SpyNet reporting

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Windows security bypass

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Nirsoft

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral1

                    10/10

                    behavioral2

                    10/10