General

  • Target

    1a422b2a6288cbb50beb3c380df782bcccf7516e74fceb799d5e1b014e9fb252

  • Size

    578KB

  • Sample

    220608-eedkqabhd3

  • MD5

    47ecbdb0923b8a4f61cee15070166420

  • SHA1

    124584f17de3f288f9f3294338070df80c409186

  • SHA256

    1a422b2a6288cbb50beb3c380df782bcccf7516e74fceb799d5e1b014e9fb252

  • SHA512

    f1824101e2e55c638e3c446f3bd10a9f96f20ddd5341de54c4b0afbc46efd02976bd73040724d7c75868dde6c09ca151c891fb1d825866b3e461a86900599e38

Score
10/10

Malware Config

Extracted

Family

limerat

Wallets

359Z6KxMenwvgkA7vpGeBtinJPTj5raZz8

Attributes
  • aes_key

    arglobal

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/CV5RHE9G

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Targets

    • Target

      1a422b2a6288cbb50beb3c380df782bcccf7516e74fceb799d5e1b014e9fb252

    • Size

      578KB

    • MD5

      47ecbdb0923b8a4f61cee15070166420

    • SHA1

      124584f17de3f288f9f3294338070df80c409186

    • SHA256

      1a422b2a6288cbb50beb3c380df782bcccf7516e74fceb799d5e1b014e9fb252

    • SHA512

      f1824101e2e55c638e3c446f3bd10a9f96f20ddd5341de54c4b0afbc46efd02976bd73040724d7c75868dde6c09ca151c891fb1d825866b3e461a86900599e38

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks