General

Target: 0a7fa5e8f7cef3cdceb3c887bcf006b14c9efa682e19afbab3f1041288a6146c
Size: 210KB
Sample: 230129-1cmlhaeh9v
MD5: 8d942fdce5d9d12bf87759617b7907c9
SHA1: 34567a99255df31221e6361016d0138a4ed42fa8
SHA256: 0a7fa5e8f7cef3cdceb3c887bcf006b14c9efa682e19afbab3f1041288a6146c
SHA512: f5147b8ffffd9a3a0fc7db2a4f6981b8fdb2ed18ec8f58e420c884e99e6f915681239b5cebadf3cb035210048c1aa71875978df744f6fde80bb777154bd399d3
SSDEEP: 3072:Kuk730Xshh+ED085419v6fECJ7Y8XWIMij70ozw+sJF3XY0PN:KT730jEYIK6fpJ7Y8HMK5K
Static task: static1
Behavioral task: behavioral1
Sample: 0a7fa5e8f7cef3cdceb3c887bcf006b14c9efa682e19afbab3f1041288a6146c.exe
Resource: win7-20220812-en
Malware Config

Extracted: limerat
aes_key: IRj3SceatjDfweW/qMMw7g==
antivm: true
c2_url: https://pastebin.com/raw/Jpq3By4t
delay: 3
download_payload: false
install: true
install_name: Audio Realtek Driver.exe
main_folder: AppData
pin_spread: false
sub_folder: \Audio Realtek Driver\
usb_spread: false
Targets

Target: 0a7fa5e8f7cef3cdceb3c887bcf006b14c9efa682e19afbab3f1041288a6146c
Size: 210KB
MD5: 8d942fdce5d9d12bf87759617b7907c9
SHA1: 34567a99255df31221e6361016d0138a4ed42fa8
SHA256: 0a7fa5e8f7cef3cdceb3c887bcf006b14c9efa682e19afbab3f1041288a6146c
SHA512: f5147b8ffffd9a3a0fc7db2a4f6981b8fdb2ed18ec8f58e420c884e99e6f915681239b5cebadf3cb035210048c1aa71875978df744f6fde80bb777154bd399d3
SSDEEP: 3072:Kuk730Xshh+ED085419v6fECJ7Y8XWIMij70ozw+sJF3XY0PN:KT730jEYIK6fpJ7Y8HMK5K

Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext