limerat | 945b71b62abed5c7bca32598ce35d828e6519a87611e22d8bafdbd8580b88926 | Triage

Sharing

General

Target

New-Client.exe
Size

28KB
Sample

230108-crx4saga3z
MD5

595eb9160ea60139e2834f8216667ab8
SHA1

4ada679c3e5bd7b17171f77a062132f2d9b0805a
SHA256

945b71b62abed5c7bca32598ce35d828e6519a87611e22d8bafdbd8580b88926
SHA512

21938877df6b97325794e493cb51655f05b5e75269d8ac0e58c232acc95f037680d43cf1d795dc6af096cc0639770bd886e8f6012c44b12888fc720c4dd4a976
SSDEEP

384:By+SbjTNKb186ki1AHJ/OWqD8A+kqvDKNrCeJE3WNgO3V/CpOcgvR5EQro3lc79Q:A+bm6ki1wJbA+ko45Nz/wOc85mrj

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
asf
antivm
true
c2_url
https://pastebin.com/sprwUYBJ
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Targets

- Target
  
  New-Client.exe
- Size
  
  28KB
- MD5
  
  595eb9160ea60139e2834f8216667ab8
- SHA1
  
  4ada679c3e5bd7b17171f77a062132f2d9b0805a
- SHA256
  
  945b71b62abed5c7bca32598ce35d828e6519a87611e22d8bafdbd8580b88926
- SHA512
  
  21938877df6b97325794e493cb51655f05b5e75269d8ac0e58c232acc95f037680d43cf1d795dc6af096cc0639770bd886e8f6012c44b12888fc720c4dd4a976
- SSDEEP
  
  384:By+SbjTNKb186ki1AHJ/OWqD8A+kqvDKNrCeJE3WNgO3V/CpOcgvR5EQro3lc79Q:A+bm6ki1wJbA+ko45Nz/wOc85mrj
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1