Malware Analysis Report

2024-11-16 13:09

Sample ID 220701-fybqxafch3
Target 6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4
SHA256 6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4
Tags
limerat rat
score
10/10

Analysis Overview

score
10/10

SHA256

6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4

Threat Level: Known bad

The file 6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4 was found to be: Known bad.

Malicious Activity Summary

limerat rat

LimeRAT

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-07-01 05:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-01 05:16

Reported

2022-07-01 06:15

Platform

win7-20220414-en

Max time kernel

134s

Max time network

168s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4.exe"

Signatures

LimeRAT

rat limerat

Suspicious use of AdjustPrivilegeToken

Description              Indicator  Process                                                                                                    Target
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4.exe  N/A
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4.exe

"C:\Users\Admin\AppData\Local\Temp\6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4.exe"

Network

Country  Destination         Domain  Proto
N/A      10.211.55.14:9036           tcp
N/A      10.211.55.14:9036           tcp
N/A      10.211.55.14:9036           tcp
N/A      10.211.55.14:9036           tcp
N/A      10.211.55.14:9036           tcp

Files

memory/1728-54-0x0000000076171000-0x0000000076173000-memory.dmp

memory/1728-55-0x0000000074860000-0x0000000074E0B000-memory.dmp

memory/1728-56-0x0000000074860000-0x0000000074E0B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-07-01 05:16

Reported

2022-07-01 06:15

Platform

win10v2004-20220414-en

Max time kernel

150s

Max time network

166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4.exe"

Signatures

LimeRAT

rat limerat

Suspicious use of AdjustPrivilegeToken

Description              Indicator  Process                                                                                                    Target
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4.exe  N/A
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4.exe

"C:\Users\Admin\AppData\Local\Temp\6fce062559323df71306b77dc2c6a468c90fb1187496b51fd1dfb02799cc86c4.exe"

Network

Country  Destination         Domain  Proto
US       93.184.220.29:80            tcp
N/A      10.211.55.14:9036           tcp
US       13.89.178.27:443            tcp
US       93.184.221.240:80           tcp
US       93.184.221.240:80           tcp
US       93.184.221.240:80           tcp
N/A      10.211.55.14:9036           tcp
US       93.184.221.240:80           tcp
US       13.107.4.50:80              tcp
N/A      10.211.55.14:9036           tcp
N/A      10.211.55.14:9036           tcp
US       93.184.221.240:80           tcp
N/A      10.211.55.14:9036           tcp
N/A      10.211.55.14:9036           tcp

Files

memory/4288-130-0x0000000075000000-0x00000000755B1000-memory.dmp

memory/4288-131-0x0000000075000000-0x00000000755B1000-memory.dmp