limerat | 98bd317536a3897e12a06396535593e6df8d2bef351f0f4e4f248e71c26cbbc7 | Triage

Sharing

General

Target

98bd317536a3897e12a06396535593e6df8d2bef351f0f4e4f248e71c26cbbc7
Size

332KB
Sample

221130-xs5v8sfg46
MD5

a3e1ee0eaca1c17b5c1956bd09d198b0
SHA1

840f647a39d9d520441ebc4d8f58e215fbcafcd3
SHA256

98bd317536a3897e12a06396535593e6df8d2bef351f0f4e4f248e71c26cbbc7
SHA512

189bbf227ef0886d2a2154f9effa76882024ba5a21f2fbdcbb90dce28473e77a216e9a0a509c221c7add03be36f835819fc710128fe03d5f828638702294f59e
SSDEEP

6144:rP0d79h8N+c8ruZNX0d8vHDOCELIu/Q7gQQBjsj6tD4IA4T1qR:ro9CF+SNXUAHkP/SPQBjsrm1

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
IRj3SceatjDfweW/qMMw7g==
antivm
true
c2_url
https://pastebin.com/raw/p8Be8nNX
delay
3
download_payload
false
install
true
install_name
Windows Update.exe
main_folder
UserProfile
pin_spread
false
sub_folder
\Windows\
usb_spread
false

Targets

- Target
  
  98bd317536a3897e12a06396535593e6df8d2bef351f0f4e4f248e71c26cbbc7
- Size
  
  332KB
- MD5
  
  a3e1ee0eaca1c17b5c1956bd09d198b0
- SHA1
  
  840f647a39d9d520441ebc4d8f58e215fbcafcd3
- SHA256
  
  98bd317536a3897e12a06396535593e6df8d2bef351f0f4e4f248e71c26cbbc7
- SHA512
  
  189bbf227ef0886d2a2154f9effa76882024ba5a21f2fbdcbb90dce28473e77a216e9a0a509c221c7add03be36f835819fc710128fe03d5f828638702294f59e
- SSDEEP
  
  6144:rP0d79h8N+c8ruZNX0d8vHDOCELIu/Q7gQQBjsj6tD4IA4T1qR:ro9CF+SNXUAHkP/SPQBjsrm1
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2