limerat | f93b734b68aec7b56f109b66824e890f136ec3074054569da3564ae692bdba47 | Triage

Sharing

General

Target

f93b734b68aec7b56f109b66824e890f136ec3074054569da3564ae692bdba47
Size

474KB
Sample

230129-1cdnlaeh8z
MD5

4cf98b24fc122a1bb1caba9a24b8ba2a
SHA1

ad3acaf230973173d8559e6052246c0abac095f1
SHA256

f93b734b68aec7b56f109b66824e890f136ec3074054569da3564ae692bdba47
SHA512

e515bc6eadba5eeb2db58f4b0edce880c71b5e9a70786034548202d0ced11595b5a2cd12b3ef62ed67f3fcacf0dc903f9d4281987203a9fad367c53f4acdc341
SSDEEP

3072:glJnrm/FUBQk0BOW+wFRfOmh8MkWqdqTGNP4lIFwd6KeWvWhB5HSk:gTr0+BE+wFRzhVkWnaSPd6K6hB5R

Score

10^/10

limerat rat

Malware Config

Targets

- Target
  
  f93b734b68aec7b56f109b66824e890f136ec3074054569da3564ae692bdba47
- Size
  
  474KB
- MD5
  
  4cf98b24fc122a1bb1caba9a24b8ba2a
- SHA1
  
  ad3acaf230973173d8559e6052246c0abac095f1
- SHA256
  
  f93b734b68aec7b56f109b66824e890f136ec3074054569da3564ae692bdba47
- SHA512
  
  e515bc6eadba5eeb2db58f4b0edce880c71b5e9a70786034548202d0ced11595b5a2cd12b3ef62ed67f3fcacf0dc903f9d4281987203a9fad367c53f4acdc341
- SSDEEP
  
  3072:glJnrm/FUBQk0BOW+wFRfOmh8MkWqdqTGNP4lIFwd6KeWvWhB5HSk:gTr0+BE+wFRzhVkWnaSPd6K6hB5R
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2