Malware Analysis Report

2024-11-16 13:10

Sample ID 220520-wzzr5aegfr
Target 6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4
SHA256 6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4
Tags limerat rat
Score 10/10

Analysis Overview

score
10/10

SHA256

6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4

Threat Level: Known bad

The file 6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4 was found to be: Known bad.

Malicious Activity Summary

limerat rat

LimeRAT

Limerat family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-05-20 18:22

Signatures

Limerat family

limerat

Analysis: behavioral2

Detonation Overview

Submitted

2022-05-20 18:22

Reported

2022-05-20 18:24

Platform

win10v2004-20220414-en

Max time kernel

76s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4.exe"

Signatures

LimeRAT

rat limerat

Processes

C:\Users\Admin\AppData\Local\Temp\6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4.exe

"C:\Users\Admin\AppData\Local\Temp\6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4.exe"

Network

Country  Destination        Domain                         Proto
US       8.253.208.112:80   -                              tcp
BE       67.24.35.254:80    -                              tcp
US       52.242.97.97:443   -                              tcp
US       8.238.20.126:80    -                              tcp
US       8.8.8.8:53         151.122.125.40.in-addr.arpa    udp
US       8.8.8.8:53         106.89.54.20.in-addr.arpa      udp

Files

memory/5048-130-0x0000000000BA0000-0x0000000000C2A000-memory.dmp

memory/5048-131-0x0000000005610000-0x00000000056AC000-memory.dmp

memory/5048-132-0x0000000005C60000-0x0000000006204000-memory.dmp

memory/5048-133-0x00000000056B0000-0x0000000005742000-memory.dmp

memory/5048-134-0x00000000055C0000-0x00000000055CA000-memory.dmp

memory/5048-135-0x0000000005810000-0x0000000005866000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2022-05-20 18:22

Reported

2022-05-20 18:24

Platform

win7-20220414-en

Max time kernel

40s

Max time network

44s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4.exe"

Signatures

LimeRAT

rat limerat

Processes

C:\Users\Admin\AppData\Local\Temp\6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4.exe

"C:\Users\Admin\AppData\Local\Temp\6666fc6a1413a584043a3a4416b4c24610df9922229bee816af734562d4401d4.exe"

Network

N/A

Files

memory/1672-54-0x0000000000A00000-0x0000000000A8A000-memory.dmp

memory/1672-55-0x00000000753B1000-0x00000000753B3000-memory.dmp

memory/1672-56-0x00000000020C5000-0x00000000020D6000-memory.dmp