limerat | ee70d7fa5708801ccb2cf83b9bbb324da90e90b6a0c708c643680c6018a7fbab | Triage

Sharing

General

Target

ee70d7fa5708801ccb2cf83b9bbb324da90e90b6a0c708c643680c6018a7fbab
Size

48KB
Sample

221125-l5d3hadb3s
MD5

6f23275eccec12e9a909fab9729c3497
SHA1

9e74264aa2466fff3dd85cd1beaa64d29f9470c6
SHA256

ee70d7fa5708801ccb2cf83b9bbb324da90e90b6a0c708c643680c6018a7fbab
SHA512

6950b8071e986bdff8e76f1934dc88f3fb52baa3e754d941d7cab0912f0b468344ccf0c62b16431e5bf391278e764ca209b3a93ebc38364d2697fb258c5348ac
SSDEEP

768:nNvp6SGik0sciGmgawGhmJmtTqPTkAVMwA/pqec4q4uwDnuZ3zo77yN:r6hV0scPmga0iUTksAJaEn4lN

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
IRj3SceatjDfweW/qMMw7g==
antivm
true
c2_url
https://pastebin.com/raw/Ex7adUSH
delay
3
download_payload
false
install
true
install_name
svchost.exe
main_folder
AppData
pin_spread
false
sub_folder
\Winifi\
usb_spread
false

Targets

- Target
  
  ee70d7fa5708801ccb2cf83b9bbb324da90e90b6a0c708c643680c6018a7fbab
- Size
  
  48KB
- MD5
  
  6f23275eccec12e9a909fab9729c3497
- SHA1
  
  9e74264aa2466fff3dd85cd1beaa64d29f9470c6
- SHA256
  
  ee70d7fa5708801ccb2cf83b9bbb324da90e90b6a0c708c643680c6018a7fbab
- SHA512
  
  6950b8071e986bdff8e76f1934dc88f3fb52baa3e754d941d7cab0912f0b468344ccf0c62b16431e5bf391278e764ca209b3a93ebc38364d2697fb258c5348ac
- SSDEEP
  
  768:nNvp6SGik0sciGmgawGhmJmtTqPTkAVMwA/pqec4q4uwDnuZ3zo77yN:r6hV0scPmga0iUTksAJaEn4lN
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2