General

  • Target

    1337SKINCHANGER_AUTO UPDATER.bat

  • Size

    5KB

  • Sample

    230123-y145cafc45

  • MD5

    02f6efbb4849349ca77f07c0ce7bdbc6

  • SHA1

    8b0fae03051d5be54bfba38799a61c32650dd70f

  • SHA256

    d331b014de598cac5a9d01b1c09110c7d74c7c048c4d205ea788e28ea9e44ad3

  • SHA512

    bb139fcc4681ceb65b46dba350225d521533e9efb0f317174bd012be5c4d432837fd4a4df51147073179e56d64e46f89863d9d92d6ac0cf10d488344bac93431

  • SSDEEP

    96:JrKauGplCGllAF8GrGCseFg5GoYXG0FCYrvHESiSCGFFYYrIGFgwlGi3GuGqWgGs:eraYExm6wBrxn0YUVEZ

  • Score

    10/10

Malware Config

Extracted

Family

limerat

Attributes

  • aes_key

    $13377331$

  • antivm

    true

  • c2_url

    https://pastebin.com/raw/kpr8P98b

  • delay

    20

  • download_payload

    false

  • install

    true

  • install_name

    Microsoft Edge.exe

  • main_folder

    UserProfile

  • pin_spread

    false

  • sub_folder

    \Microsoft\Edge\Application\Microsoft Edge\

  • usb_spread

    false

Targets

    • Score

      10/10

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Modifies security service

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
