General
Target: STEAMLOADZ TORRENT GRABBER.bat
Size: 4KB
Sample: 230123-1gq5gshc3v
MD5: a46a2dcaf4ade017b7a1abb5eeeef85b
SHA1: 18f930b3659452bc17fbb5589c624a04c4832369
SHA256: 0f37d1f0afe84c414064c003bb3ec5b979c5c0ff7fcba972e06acc4d3fd3e115
SHA512: 9822645e42b0842abd63072aee4232afdd90d0f54bd0f6e83ad7e9337638a8adda95b8e8eb92b23c1ead6cc81de4aee6c94f86798d24af6bb530c5bca2dc3132
SSDEEP: 96:sQA5zScHWAH80DAwgQCYaYNmYwo8r7x0xA1HkxextfIUr7xAxZK1yNmYwr/AnCRO:sr5zScHWAH80DAwZ5aYNdwlnKSVkobf0
Static task: static1
Malware Config
Extracted: limerat
aes_key: $13377331$
antivm: true
c2_url: https://pastebin.com/raw/wA0i3ncn
delay: 3
download_payload: false
install: true
install_name: Microsoft Edge.exe
main_folder: UserProfile
pin_spread: false
sub_folder: \Microsoft\Edge\Application\Microsoft Edge\
usb_spread: false
Targets
Target: STEAMLOADZ TORRENT GRABBER.bat
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext