Analysis Overview
SHA256
fd29c69eabf95a7dd9921e16ad97e2a74ec6634d19e29251038a5b575f52f5db
Threat Level: Known bad
The file fd29c69eabf95a7dd9921e16ad97e2a74ec6634d19e29251038a5b575f52f5db was found to be: Known bad.
Malicious Activity Summary
Limerat family
LimeRAT
Legitimate hosting services abused for malware hosting/C2
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-07-31 08:30
Signatures
Limerat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-31 08:30
Reported
2022-07-31 11:39
Platform
win7-20220718-en
Max time kernel
128s
Max time network
173s
Command Line
Signatures
LimeRAT
Legitimate hosting services abused for malware hosting/C2
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\fd29c69eabf95a7dd9921e16ad97e2a74ec6634d19e29251038a5b575f52f5db.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\fd29c69eabf95a7dd9921e16ad97e2a74ec6634d19e29251038a5b575f52f5db.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fd29c69eabf95a7dd9921e16ad97e2a74ec6634d19e29251038a5b575f52f5db.exe
"C:\Users\Admin\AppData\Local\Temp\fd29c69eabf95a7dd9921e16ad97e2a74ec6634d19e29251038a5b575f52f5db.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.67.143:443 | pastebin.com | tcp |
| RU | 178.206.235.125:1604 | tcp | |
| RU | 178.206.235.125:1604 | tcp |
Files
memory/1572-54-0x00000000011F0000-0x00000000011FC000-memory.dmp
memory/1572-55-0x00000000763E1000-0x00000000763E3000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-07-31 08:30
Reported
2022-07-31 11:40
Platform
win10v2004-20220721-en
Max time kernel
227s
Max time network
239s
Command Line
Signatures
LimeRAT
Legitimate hosting services abused for malware hosting/C2
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\fd29c69eabf95a7dd9921e16ad97e2a74ec6634d19e29251038a5b575f52f5db.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\fd29c69eabf95a7dd9921e16ad97e2a74ec6634d19e29251038a5b575f52f5db.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fd29c69eabf95a7dd9921e16ad97e2a74ec6634d19e29251038a5b575f52f5db.exe
"C:\Users\Admin\AppData\Local\Temp\fd29c69eabf95a7dd9921e16ad97e2a74ec6634d19e29251038a5b575f52f5db.exe"
Network
| Country | Destination | Domain | Proto |
| US | 93.184.221.240:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 93.184.220.29:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 8.238.21.126:80 | tcp | |
| US | 20.189.173.9:443 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.67.143:443 | pastebin.com | tcp |
| FR | 2.16.119.157:443 | tcp | |
| US | 104.20.67.143:443 | pastebin.com | tcp |
| FR | 2.16.119.157:443 | tcp | |
| US | 172.67.34.170:443 | pastebin.com | tcp |
| US | 104.20.68.143:443 | pastebin.com | tcp |
Files
memory/5116-130-0x00000000009E0000-0x00000000009EC000-memory.dmp
memory/5116-131-0x0000000005320000-0x00000000053BC000-memory.dmp
memory/5116-132-0x00000000053F0000-0x0000000005456000-memory.dmp
memory/5116-133-0x0000000005FF0000-0x0000000006594000-memory.dmp