limerat | 2e13890ad41d07c20e2f6cec6d162fa7ecba08a1f57e4a34ab4988f4964e5aa2 | Triage

Sharing

General

Target

2e13890ad41d07c20e2f6cec6d162fa7ecba08a1f57e4a34ab4988f4964e5aa2
Size

17.3MB
Sample

221130-w31htsge6s
MD5

bb5b6495d22a722624313fb4076749cb
SHA1

c7db683ca054476a7ba37932b22ba9d131140213
SHA256

2e13890ad41d07c20e2f6cec6d162fa7ecba08a1f57e4a34ab4988f4964e5aa2
SHA512

9f5e5c6d1d27143c3d9166fc0620c97a5af06639903e7ea584ba8b24c4756dc7f1fbaee8de6bb9ad3bb45c0a3899fcc3cc7e181dbf151f5075ef9c935fb0c1bc
SSDEEP

393216:rcJYwsM/YX3UZiVEiq+mEwZjGVanL54XVSeygXiWjT3iBGsIcRxiJOzMNe5vjAKG:uYjM/9+EC0tCky4eywf3iosJ6JOAN8v4

Score

10^/10

limerat persistence rat

Malware Config

Targets

- Target
  
  2e13890ad41d07c20e2f6cec6d162fa7ecba08a1f57e4a34ab4988f4964e5aa2
- Size
  
  17.3MB
- MD5
  
  bb5b6495d22a722624313fb4076749cb
- SHA1
  
  c7db683ca054476a7ba37932b22ba9d131140213
- SHA256
  
  2e13890ad41d07c20e2f6cec6d162fa7ecba08a1f57e4a34ab4988f4964e5aa2
- SHA512
  
  9f5e5c6d1d27143c3d9166fc0620c97a5af06639903e7ea584ba8b24c4756dc7f1fbaee8de6bb9ad3bb45c0a3899fcc3cc7e181dbf151f5075ef9c935fb0c1bc
- SSDEEP
  
  393216:rcJYwsM/YX3UZiVEiq+mEwZjGVanL54XVSeygXiWjT3iBGsIcRxiJOzMNe5vjAKG:uYjM/9+EC0tCky4eywf3iosJ6JOAN8v4
Score

10^/10

limerat persistence rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

limeratpersistencerat