General

  • Target

    1108da2e0cb957a6848e5cf398c00ea523cfdd6c41a9d95e4855265e7c88df8e

  • Size

    402KB

  • Sample

    220604-l85pmabba8

  • MD5

    ea915c7c1419e641810ac82e2896094c

  • SHA1

    193c415f7cc86da583daa74057592568e2b9fa71

  • SHA256

    1108da2e0cb957a6848e5cf398c00ea523cfdd6c41a9d95e4855265e7c88df8e

  • SHA512

    b45df5909bceec83b4d0d52605138fce64c4645c013b1e24a8481d72be6041c2a95bc70aee0efeb152e44a599fc9a55f5c3a2a11f6cf8c710e1c25a45584e26c

Score
10/10

Targets

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Drops startup file

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
