limerat | 39cf80b8b2f6267107baf94a021f6a59379d225b9ce839b367812eae8d3c8cfe | Triage

Sharing

General

Target

39cf80b8b2f6267107baf94a021f6a59379d225b9ce839b367812eae8d3c8cfe
Size

489KB
Sample

230129-1cj6daeh9t
MD5

6b6219d4bdbe2afc7761374809bb6878
SHA1

d38dbfdd5e427de71b0879a02ba5f0fe2c2daf67
SHA256

39cf80b8b2f6267107baf94a021f6a59379d225b9ce839b367812eae8d3c8cfe
SHA512

559c8a80cd12da4756480337397ae0bdbdd4085ff76dbeb7ba0873c257bd973073d3faabb02c18766fe77b3a551f5ee3fe3e5341e7ea619a70292315ad3f3d8d
SSDEEP

3072:yuk730Xshh+ED085419v6fECJ7Y8XWIMij70ozw+sJF3XY0PA:yT730jEYIK6fpJ7Y8HMK5K

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
IRj3SceatjDfweW/qMMw7g==
antivm
true
c2_url
https://pastebin.com/raw/Jpq3By4t
delay
3
download_payload
false
install
true
install_name
Audio Realtek Driver.exe
main_folder
AppData
pin_spread
false
sub_folder
\Audio Realtek Driver\
usb_spread
false

Targets

- Target
  
  39cf80b8b2f6267107baf94a021f6a59379d225b9ce839b367812eae8d3c8cfe
- Size
  
  489KB
- MD5
  
  6b6219d4bdbe2afc7761374809bb6878
- SHA1
  
  d38dbfdd5e427de71b0879a02ba5f0fe2c2daf67
- SHA256
  
  39cf80b8b2f6267107baf94a021f6a59379d225b9ce839b367812eae8d3c8cfe
- SHA512
  
  559c8a80cd12da4756480337397ae0bdbdd4085ff76dbeb7ba0873c257bd973073d3faabb02c18766fe77b3a551f5ee3fe3e5341e7ea619a70292315ad3f3d8d
- SSDEEP
  
  3072:yuk730Xshh+ED085419v6fECJ7Y8XWIMij70ozw+sJF3XY0PA:yT730jEYIK6fpJ7Y8HMK5K
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2