limerat | 1c0a20b9f16454d81b193721bb78ade2c70ccd503e76d9cdad7db7568064585c | Triage

Sharing

General

Target

1c0a20b9f16454d81b193721bb78ade2c70ccd503e76d9cdad7db7568064585c
Size

51KB
Sample

230129-1cldfade32
MD5

6707ad66e20d361e5b99addbd276a5de
SHA1

98973242d2b7c2cff5471f512154abfb90b3f242
SHA256

1c0a20b9f16454d81b193721bb78ade2c70ccd503e76d9cdad7db7568064585c
SHA512

a3c68349ff9969b83b00fa9e571dccd42af79092fd4f1d6a8120df11a787ac0ce140f78290de73443ed68a4cde41576b72b62faaac1a31f527f2f24cf819fae3
SSDEEP

768:ivAVecSXuXkkZwLnuivpcWKV4M3AT154QawGhmJmtTqPBWypMSFgLALQKTU:iv5cgawn3XKV1E54Qa0iUBbFgqbw

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
IRj3SceatjDfweW/qMMw7g==
antivm
false
c2_url
https://pastebin.com/raw/Pzx225ZB
delay
3
download_payload
false
install
true
install_name
Audio Realtek Driver.exe
main_folder
AppData
pin_spread
true
sub_folder
\Audio Realtek Driver\
usb_spread
false

Targets

- Target
  
  1c0a20b9f16454d81b193721bb78ade2c70ccd503e76d9cdad7db7568064585c
- Size
  
  51KB
- MD5
  
  6707ad66e20d361e5b99addbd276a5de
- SHA1
  
  98973242d2b7c2cff5471f512154abfb90b3f242
- SHA256
  
  1c0a20b9f16454d81b193721bb78ade2c70ccd503e76d9cdad7db7568064585c
- SHA512
  
  a3c68349ff9969b83b00fa9e571dccd42af79092fd4f1d6a8120df11a787ac0ce140f78290de73443ed68a4cde41576b72b62faaac1a31f527f2f24cf819fae3
- SSDEEP
  
  768:ivAVecSXuXkkZwLnuivpcWKV4M3AT154QawGhmJmtTqPBWypMSFgLALQKTU:iv5cgawn3XKV1E54Qa0iUBbFgqbw
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2