Extracted

• • Target

    70f4c33eda2d8cdd793fe141489293be4ec4f70e29a55d3a4c63bac9b27d451d

  • Size

    490KB

  • MD5

    d7c698bb604fa3cc4babbcc3a6c79a45

  • SHA1

    a22e125421efcb351108e064944a4c9f10256df7

  • SHA256

    70f4c33eda2d8cdd793fe141489293be4ec4f70e29a55d3a4c63bac9b27d451d

  • SHA512

    bff352f54437900b94ea2846310a00f8bfbf3732a45522e5e91130cd45bd43cf34798126b9e3d8554266760865a700382b55b4544a12808b588af95e30a5b6ba

  • SSDEEP

    3072:Nuk730Xshh+ED085419v6fECJ7Y8XWIMij70ozw+sJF3XY0PGk:NT730jEYIK6fpJ7Y8HMK5KZ

  Score

  10^/10

  limeratrat

  • LimeRAT

    Simple yet powerful RAT for Windows machines written in .NET.

    ratlimerat

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2