limerat | 46de87ee14fc89de41df979d9de14bd223dbd109d7f9c04eda2641091d6d005b | Triage

Submit
Reports

Overview

overview

Static

static

f389bcaede...57.exe

windows7_x64

f389bcaede...57.exe

windows10_x64

Sharing

General

Target

f389bcaede3b4275e90f2d9ff0e50a57
Size

42KB
Sample

211021-skk4msbchn
MD5

f389bcaede3b4275e90f2d9ff0e50a57
SHA1

b5b8d733ef241a5e57b53c8e809dd5629d4e2a31
SHA256

46de87ee14fc89de41df979d9de14bd223dbd109d7f9c04eda2641091d6d005b
SHA512

36ee862ec5f7c401b990f6bcde85bcbf48237729a4cef53c44a73bed461810107142e770e458f598ff8e08f69f295bf0314e4001d6c6d247052de82beadbb79c

Score

10^/10

limerat evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

f389bcaede3b4275e90f2d9ff0e50a57.exe

Resource

win7-en-20210920

evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f389bcaede3b4275e90f2d9ff0e50a57.exe

Resource

win10-en-20211014

limerat evasion rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f389bcaede3b4275e90f2d9ff0e50a57
- Size
  
  42KB
- MD5
  
  f389bcaede3b4275e90f2d9ff0e50a57
- SHA1
  
  b5b8d733ef241a5e57b53c8e809dd5629d4e2a31
- SHA256
  
  46de87ee14fc89de41df979d9de14bd223dbd109d7f9c04eda2641091d6d005b
- SHA512
  
  36ee862ec5f7c401b990f6bcde85bcbf48237729a4cef53c44a73bed461810107142e770e458f598ff8e08f69f295bf0314e4001d6c6d247052de82beadbb79c
Score

10^/10

evasion persistence trojan limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Turns off Windows Defender SpyNet reporting
  evasion
- Windows security bypass
  evasion trojan
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

limeratevasionrattrojan

© 2018-2024

Terms | Privacy