General
-
Target
abe4ff36c8c3a6cb420fd3fabf0df23f.exe
-
Size
46KB
-
Sample
221224-wwfvvaad44
-
MD5
abe4ff36c8c3a6cb420fd3fabf0df23f
-
SHA1
eada417aebe70a6b002f5d4244366fc6ad579000
-
SHA256
e360c69993aeff3cece090d1ac380c5da51739c4f2a19a0870dde8541afdeb3c
-
SHA512
c056f5a7c9ad5a2e8af116438ce8b861b1da69ed2d13ab3ea46407e064e9cd680e2d716d473f951e3ee9f79a730d21ed6e2663ef3aab25396cf8c92d2561e39b
-
SSDEEP
768:UpCu6vzwdlWN8hOY45NVg1UWj/eb3AsMtY7eb3AsMt:Up6zwdQNbl50CTA/YqTA/
Behavioral task
behavioral1
Sample
abe4ff36c8c3a6cb420fd3fabf0df23f.exe
Resource
win7-20220812-en
Malware Config
Extracted
limerat
-
aes_key
1478967
-
antivm
false
-
c2_url
https://pastebin.com/raw/Afe0QGiz
-
delay
3
-
download_payload
false
-
install
true
-
install_name
ApplicationFrameHost.exe
-
main_folder
AppData
-
pin_spread
true
-
sub_folder
\
-
usb_spread
true
Targets
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2