General

  • Target

    2304394f01a29ed686a669cfbda920e689e146c18bca938ee37e27646c0497b9

  • Size

    923KB

  • Sample

    220612-dlhycabfar

  • MD5

    64fdc4f0adb61e2c9e214eedb8754c51

  • SHA1

    7b82469530e364f20d0e1890eb5eb6f38395f2fa

  • SHA256

    2304394f01a29ed686a669cfbda920e689e146c18bca938ee37e27646c0497b9

  • SHA512

    78824a1a898ee6fd410de2078842f03d960bac743e6b644b8df434f6c091d807ebb8ecd4dc38ce8559f887753894a69c29445b04d0cc4618cfe78fbac06e8495

Score
10/10

Malware Config

Extracted

Family

limerat

Wallets

1MbfbaoWSZmn5S9NCaT22eWc3iBAMY1KYj

Attributes
  • aes_key

    hash

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/kvG0pZaT

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Targets

    • Target

      2304394f01a29ed686a669cfbda920e689e146c18bca938ee37e27646c0497b9

    • Size

      923KB

    • MD5

      64fdc4f0adb61e2c9e214eedb8754c51

    • SHA1

      7b82469530e364f20d0e1890eb5eb6f38395f2fa

    • SHA256

      2304394f01a29ed686a669cfbda920e689e146c18bca938ee37e27646c0497b9

    • SHA512

      78824a1a898ee6fd410de2078842f03d960bac743e6b644b8df434f6c091d807ebb8ecd4dc38ce8559f887753894a69c29445b04d0cc4618cfe78fbac06e8495

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks