limerat | 92fc4bdb9053449a89d026ec6846ba2655cc2b03022a48aa05e1e6a192027b25 | Triage

Sharing

General

Target

2056c28d1bb7a5721582665185d330a1.exe
Size

28KB
Sample

220805-l7xydsbacr
MD5

2056c28d1bb7a5721582665185d330a1
SHA1

b963a3112f57d4e8755e0da92c66c58ecd77b314
SHA256

92fc4bdb9053449a89d026ec6846ba2655cc2b03022a48aa05e1e6a192027b25
SHA512

2491caad315033c7db452439643afdc0fa263ecf4a1bb97c9e1dd9b8e6504f145f4df098b8c2be05e6c56fd4dbab1c46c47f9a3cee1ef1b6c2291fd187de0ced

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
B E S H O
antivm
false
c2_url
https://pastebin.com/raw/9uk330hR
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
AppData
pin_spread
false
sub_folder
\
usb_spread
true

Targets

- Target
  
  2056c28d1bb7a5721582665185d330a1.exe
- Size
  
  28KB
- MD5
  
  2056c28d1bb7a5721582665185d330a1
- SHA1
  
  b963a3112f57d4e8755e0da92c66c58ecd77b314
- SHA256
  
  92fc4bdb9053449a89d026ec6846ba2655cc2b03022a48aa05e1e6a192027b25
- SHA512
  
  2491caad315033c7db452439643afdc0fa263ecf4a1bb97c9e1dd9b8e6504f145f4df098b8c2be05e6c56fd4dbab1c46c47f9a3cee1ef1b6c2291fd187de0ced
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2