General
-
Target
1337SKINCHANGER_AUTO UPDATER.bat
-
Size
5KB
-
Sample
230123-y145cafc45
-
MD5
02f6efbb4849349ca77f07c0ce7bdbc6
-
SHA1
8b0fae03051d5be54bfba38799a61c32650dd70f
-
SHA256
d331b014de598cac5a9d01b1c09110c7d74c7c048c4d205ea788e28ea9e44ad3
-
SHA512
bb139fcc4681ceb65b46dba350225d521533e9efb0f317174bd012be5c4d432837fd4a4df51147073179e56d64e46f89863d9d92d6ac0cf10d488344bac93431
-
SSDEEP
96:JrKauGplCGllAF8GrGCseFg5GoYXG0FCYrvHESiSCGFFYYrIGFgwlGi3GuGqWgGs:eraYExm6wBrxn0YUVEZ
Malware Config
Extracted
limerat
-
aes_key
$13377331$
-
antivm
true
-
c2_url
https://pastebin.com/raw/kpr8P98b
-
delay
20
-
download_payload
false
-
install
true
-
install_name
Microsoft Edge.exe
-
main_folder
UserProfile
-
pin_spread
false
-
sub_folder
\Microsoft\Edge\Application\Microsoft Edge\
-
usb_spread
false
Targets
-
-
Target
1337SKINCHANGER_AUTO UPDATER.bat
-
Size
5KB
-
MD5
02f6efbb4849349ca77f07c0ce7bdbc6
-
SHA1
8b0fae03051d5be54bfba38799a61c32650dd70f
-
SHA256
d331b014de598cac5a9d01b1c09110c7d74c7c048c4d205ea788e28ea9e44ad3
-
SHA512
bb139fcc4681ceb65b46dba350225d521533e9efb0f317174bd012be5c4d432837fd4a4df51147073179e56d64e46f89863d9d92d6ac0cf10d488344bac93431
-
SSDEEP
96:JrKauGplCGllAF8GrGCseFg5GoYXG0FCYrvHESiSCGFFYYrIGFgwlGi3GuGqWgGs:eraYExm6wBrxn0YUVEZ
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Modifies security service
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-