limerat | 228d45f589db33d9f9afb5fe00f1c0dca51227c1b255d34fe3b9068ce82a47d4 | Triage

Sharing

General

Target

228d45f589db33d9f9afb5fe00f1c0dca51227c1b255d34fe3b9068ce82a47d4.exe
Size

29KB
Sample

221020-3nc8babfg5
MD5

4867caf94a1222a561e9b443a4e01ee6
SHA1

7903ad13a5ba397ff5d79191a089804b003699ff
SHA256

228d45f589db33d9f9afb5fe00f1c0dca51227c1b255d34fe3b9068ce82a47d4
SHA512

7016835d4044a7ce2e7b4019ed185a1f47b3c1e43ca48cc821c7d9e0c9b1cee8a8f80125eb6246e16310348297a864d31e2dcefbdfae944d4976a03f3d5f910c
SSDEEP

768:IqptXM6N2wHiBN0HY45NPhRXKV1TdPKEj:IqpF2wH4IlnmgE

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Wallets

31u93LeqAjhmu48kA6JYNVSyGshBNvnqNS

Attributes

aes_key
%D*G-KaN
antivm
false
c2_url
https://pastebin.com/raw/3YAbmSCc
delay
6
download_payload
false
install
true
install_name
AudioDriver.exe
main_folder
UserProfile
pin_spread
true
sub_folder
\Windows\
usb_spread
true

Targets

- Target
  
  228d45f589db33d9f9afb5fe00f1c0dca51227c1b255d34fe3b9068ce82a47d4.exe
- Size
  
  29KB
- MD5
  
  4867caf94a1222a561e9b443a4e01ee6
- SHA1
  
  7903ad13a5ba397ff5d79191a089804b003699ff
- SHA256
  
  228d45f589db33d9f9afb5fe00f1c0dca51227c1b255d34fe3b9068ce82a47d4
- SHA512
  
  7016835d4044a7ce2e7b4019ed185a1f47b3c1e43ca48cc821c7d9e0c9b1cee8a8f80125eb6246e16310348297a864d31e2dcefbdfae944d4976a03f3d5f910c
- SSDEEP
  
  768:IqptXM6N2wHiBN0HY45NPhRXKV1TdPKEj:IqpF2wH4IlnmgE
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2