General

  • Target

    2c94e1ac0a94aa3aa6e03f9ff33eb0f94f916b00ca0a34a4da62d113c438327f

  • Size

    690KB

  • Sample

    220614-19vy5sfgaj

  • MD5

    2251fe3272ac42953467d3359e2733ad

  • SHA1

    c87dcad0d026c13f6dcd6d5205427f7b4147984e

  • SHA256

    2c94e1ac0a94aa3aa6e03f9ff33eb0f94f916b00ca0a34a4da62d113c438327f

  • SHA512

    1778cef71bd98d41e280adf86920d3f5a7bf3fd9dc21d2442c894556bb409ffcb0f6d6ba4f36f0249c3eba039c427149b7a7cd910f0f46b1aa4f0831a682cf2b

Score
10/10

Malware Config

Extracted

Family

limerat

Wallets

359Z6KxMenwvgkA7vpGeBtinJPTj5raZz8

Attributes
  • aes_key

    arglobal

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/CV5RHE9G

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Targets

    • Target

      2c94e1ac0a94aa3aa6e03f9ff33eb0f94f916b00ca0a34a4da62d113c438327f

    • Size

      690KB

    • MD5

      2251fe3272ac42953467d3359e2733ad

    • SHA1

      c87dcad0d026c13f6dcd6d5205427f7b4147984e

    • SHA256

      2c94e1ac0a94aa3aa6e03f9ff33eb0f94f916b00ca0a34a4da62d113c438327f

    • SHA512

      1778cef71bd98d41e280adf86920d3f5a7bf3fd9dc21d2442c894556bb409ffcb0f6d6ba4f36f0249c3eba039c427149b7a7cd910f0f46b1aa4f0831a682cf2b

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks