General

  • Target

    099dcfdc5eeae910b36de71681bda6583db86c0e5562e83c3d5f14e139e22460

  • Size

    645KB

  • Sample

    220530-wj2lsaabhl

  • MD5

    1f8283120232c75e4e2dc933b67b38c9

  • SHA1

    2ecaccbea34d3b8d9efe357574eb6119f30308d1

  • SHA256

    099dcfdc5eeae910b36de71681bda6583db86c0e5562e83c3d5f14e139e22460

  • SHA512

    a1fe17a25c189c4bcb21b7b025b75226edfa754599f70483a03b305c8ae7d707cc3b20a5888a53c10c7e4b89c5fce11509c062d9457df29d45370fb6cc56dc97

Score
10/10

Targets

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Legitimate hosting services abused for malware hosting/C2

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext
