General

  • Target

    b9ff9def3505980f5cadd14fbde03af120d975c9a602379af3dadc0b72b9c9e8

  • Size

    28KB

  • Sample

    220520-g44vbadha6

  • MD5

    e408f9e211189586d4d923deafb308b4

  • SHA1

    bab83e49a11631bc5ecfd39389157e1c8a7f8f85

  • SHA256

    b9ff9def3505980f5cadd14fbde03af120d975c9a602379af3dadc0b72b9c9e8

  • SHA512

    b383c33eb4ce0a426b27d4983a57ad4cdfc44db2dcc2bd0b4b3d5031cbefe543b65534bc517a5267a95d0de7e9da293c2441fa6bc6856e2351ce5e26268080bd

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    Nyan

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/vy21B6hE

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Targets

    • Target

      b9ff9def3505980f5cadd14fbde03af120d975c9a602379af3dadc0b72b9c9e8

    • Size

      28KB

    • MD5

      e408f9e211189586d4d923deafb308b4

    • SHA1

      bab83e49a11631bc5ecfd39389157e1c8a7f8f85

    • SHA256

      b9ff9def3505980f5cadd14fbde03af120d975c9a602379af3dadc0b72b9c9e8

    • SHA512

      b383c33eb4ce0a426b27d4983a57ad4cdfc44db2dcc2bd0b4b3d5031cbefe543b65534bc517a5267a95d0de7e9da293c2441fa6bc6856e2351ce5e26268080bd

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks