General

  • Target

    067eb1294e4dd4b17b802236519c2147a4f3ba91cdcadd45a9bf8b3f6e2b742c

  • Size

    169KB

  • Sample

    220531-gkrqmsgaf5

  • MD5

    7b955932e068086f5684a1fa06144746

  • SHA1

    51f7a62e2055a75dce2a4e2703b9de218b776b52

  • SHA256

    067eb1294e4dd4b17b802236519c2147a4f3ba91cdcadd45a9bf8b3f6e2b742c

  • SHA512

    018dcd40c7663c3bc9ece1e27fb5ab78cfa7d1f0d5aa606a7d87ceacd8fb7be5b0bb4f9ed80247ff8629210c94833b82a6f8d88384719bc03d75a2ba41e5b12c

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    pysenuu

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/smgAS6SG

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Targets

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
