General

  • Target

    110ef1bf1f55e400ef17c8179a25f696c4f667741b89a998ba0ea041fe53e916

  • Size

    562KB

  • Sample

    220604-lzw15aaeg7

  • MD5

    f2530b49d6b1f37cfeee86a51765ab12

  • SHA1

    ab3ca665581d06a8cd9bf7641833b3265888e462

  • SHA256

    110ef1bf1f55e400ef17c8179a25f696c4f667741b89a998ba0ea041fe53e916

  • SHA512

    b26d5977bddf4a58f7e4ef1b33253984492627715952cd7fd5bdb42633a6956b846d05529435db26cc9bf20522a912d948df4ddf352a115c1589e50f474f0e9c

Score
10/10

Malware Config

Extracted

Family

limerat

Wallets

359Z6KxMenwvgkA7vpGeBtinJPTj5raZz8

Attributes
  • aes_key

    arglobal

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/CV5RHE9G

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Targets

    • Target

      110ef1bf1f55e400ef17c8179a25f696c4f667741b89a998ba0ea041fe53e916

    • Size

      562KB

    • MD5

      f2530b49d6b1f37cfeee86a51765ab12

    • SHA1

      ab3ca665581d06a8cd9bf7641833b3265888e462

    • SHA256

      110ef1bf1f55e400ef17c8179a25f696c4f667741b89a998ba0ea041fe53e916

    • SHA512

      b26d5977bddf4a58f7e4ef1b33253984492627715952cd7fd5bdb42633a6956b846d05529435db26cc9bf20522a912d948df4ddf352a115c1589e50f474f0e9c

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks