Analysis Overview
SHA256
6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4
Threat Level: Known bad
The file 6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4 was found to be: Known bad.
Malicious Activity Summary
LimeRAT
Limerat family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-05-20 18:22
Signatures
Limerat family
Analysis: behavioral2
Detonation Overview
Submitted
2022-05-20 18:22
Reported
2022-05-20 18:24
Platform
win10v2004-20220414-en
Max time kernel
76s
Max time network
122s
Command Line
Signatures
LimeRAT
Processes
C:\Users\Admin\AppData\Local\Temp\6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4.exe
"C:\Users\Admin\AppData\Local\Temp\6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.253.208.112:80 | | tcp |
| BE | 67.24.35.254:80 | | tcp |
| US | 52.242.97.97:443 | | tcp |
| US | 8.238.20.126:80 | | tcp |
| US | 8.8.8.8:53 | 151.122.125.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.89.54.20.in-addr.arpa | udp |
Files
memory/5048-130-0x0000000000BA0000-0x0000000000C2A000-memory.dmp
memory/5048-131-0x0000000005610000-0x00000000056AC000-memory.dmp
memory/5048-132-0x0000000005C60000-0x0000000006204000-memory.dmp
memory/5048-133-0x00000000056B0000-0x0000000005742000-memory.dmp
memory/5048-134-0x00000000055C0000-0x00000000055CA000-memory.dmp
memory/5048-135-0x0000000005810000-0x0000000005866000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2022-05-20 18:22
Reported
2022-05-20 18:24
Platform
win7-20220414-en
Max time kernel
40s
Max time network
44s
Command Line
Signatures
LimeRAT
Processes
C:\Users\Admin\AppData\Local\Temp\6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4.exe
"C:\Users\Admin\AppData\Local\Temp\6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4.exe"
Network
Files
memory/1672-54-0x0000000000A00000-0x0000000000A8A000-memory.dmp
memory/1672-55-0x00000000753B1000-0x00000000753B3000-memory.dmp
memory/1672-56-0x00000000020C5000-0x00000000020D6000-memory.dmp