General
Target: abe4ff36c8c3a6cb420fd3fabf0df23f.bin
Size: 22KB
Sample: 230116-1zpz5sec32
MD5: aed2663568a126511db9c301c34d8698
SHA1: f551ade9777bf30ddb77fea2c1222efaba23f9f8
SHA256: 66ddd93605729379b6c5ac48f00cdf04bba08a188431bafd6ba0b3d4aa356e14
SHA512: 13dbc5d70e59c798cb8a7d5315ba21addea69af9b5e6d4b64ad82c2a3d7c708ec58b9534342e5ca879f81da81c39a9ce852f46de70de10a21be608104ac03cc3
SSDEEP: 384:mQ4qudOHRBKQAXLaL4nglmR9VaWMGH5oHZ5CjSd3M9pHMgKo9KWc0Thqn:mFquCKQAXO4n6mR9CDKud89yDonzTu

Behavioral task: behavioral1
Sample: e360c69993aeff3cece090d1ac380c5da51739c4f2a19a0870dde8541afdeb3c.exe
Resource: win7-20221111-en

Malware Config
Extracted: limerat
aes_key: 1478967
antivm: false
c2_url: https://pastebin.com/raw/Afe0QGiz
delay: 3
download_payload: false
install: true
install_name: ApplicationFrameHost.exe
main_folder: AppData
pin_spread: true
sub_folder: \
usb_spread: true

Targets
Target: e360c69993aeff3cece090d1ac380c5da51739c4f2a19a0870dde8541afdeb3c.exe
Size: 46KB
MD5: abe4ff36c8c3a6cb420fd3fabf0df23f
SHA1: eada417aebe70a6b002f5d4244366fc6ad579000
SHA256: e360c69993aeff3cece090d1ac380c5da51739c4f2a19a0870dde8541afdeb3c
SHA512: c056f5a7c9ad5a2e8af116438ce8b861b1da69ed2d13ab3ea46407e064e9cd680e2d716d473f951e3ee9f79a730d21ed6e2663ef3aab25396cf8c92d2561e39b
SSDEEP: 768:UpCu6vzwdlWN8hOY45NVg1UWj/eb3AsMtY7eb3AsMt:Up6zwdQNbl50CTA/YqTA/

Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2