limerat | a14a7db2cd820a22051c2fc7e7fde1742a3a229629def61199fd35eec1807edf | Triage

Sharing

General

Target

a14a7db2cd820a22051c2fc7e7fde1742a3a229629def61199fd35eec1807edf
Size

209KB
Sample

230129-1cgegseh81
MD5

8f2b5ea332e3ccce22b109de0cfe4fd7
SHA1

8938199f8346c6a27a106bfae658017613d7f935
SHA256

a14a7db2cd820a22051c2fc7e7fde1742a3a229629def61199fd35eec1807edf
SHA512

f1b04d1c264255deedc5f627b13279589b7ac06685ebfd1c90f670b8bbda450a1faab796fc3226180c790c0891eab0e286d2c533bfd252ed795b63e3086a0383
SSDEEP

3072:v2gawntv0gTmsqBSNAVk2ThBmbIenFqeWnKpAAKg6HvF:uFsvFCsqoNI/+FunKpAA6

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
IRj3SceatjDfweW/qMMw7g==
antivm
false
c2_url
https://pastebin.com/raw/Pzx225ZB
delay
3
download_payload
false
install
true
install_name
Audio Realtek Driver.exe
main_folder
AppData
pin_spread
true
sub_folder
\Audio Realtek Driver\
usb_spread
false

Targets

- Target
  
  a14a7db2cd820a22051c2fc7e7fde1742a3a229629def61199fd35eec1807edf
- Size
  
  209KB
- MD5
  
  8f2b5ea332e3ccce22b109de0cfe4fd7
- SHA1
  
  8938199f8346c6a27a106bfae658017613d7f935
- SHA256
  
  a14a7db2cd820a22051c2fc7e7fde1742a3a229629def61199fd35eec1807edf
- SHA512
  
  f1b04d1c264255deedc5f627b13279589b7ac06685ebfd1c90f670b8bbda450a1faab796fc3226180c790c0891eab0e286d2c533bfd252ed795b63e3086a0383
- SSDEEP
  
  3072:v2gawntv0gTmsqBSNAVk2ThBmbIenFqeWnKpAAKg6HvF:uFsvFCsqoNI/+FunKpAA6
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2