limerat | 2be6c7976a301bd278c9df31df9639dea0b0b490d5e2645cb3a0a53749cadccf | Triage

Sharing

General

Target

2be6c7976a301bd278c9df31df9639dea0b0b490d5e2645cb3a0a53749cadccf
Size

1.0MB
Sample

230129-tqgh3sdd37
MD5

f5f29c80204147fa8aba64434bb3957e
SHA1

3322c15245c46987b0f5eae9639d60b5a5cdbaf9
SHA256

2be6c7976a301bd278c9df31df9639dea0b0b490d5e2645cb3a0a53749cadccf
SHA512

dacc35016cd779acba7e8990b3fea02675086c456f899916714e5eccea04c93b2e9f3db11696bec810e27a6ca693d5060b59ec2cee412d5800a764fae49cd57b
SSDEEP

24576:P3I4svz6qwqSzE5COV+jpiyf4ujQDG5v74WW0:PklwvzwRSpi8Ia5vm

Score

10^/10

limerat rat

Malware Config

Targets

- Target
  
  2be6c7976a301bd278c9df31df9639dea0b0b490d5e2645cb3a0a53749cadccf
- Size
  
  1.0MB
- MD5
  
  f5f29c80204147fa8aba64434bb3957e
- SHA1
  
  3322c15245c46987b0f5eae9639d60b5a5cdbaf9
- SHA256
  
  2be6c7976a301bd278c9df31df9639dea0b0b490d5e2645cb3a0a53749cadccf
- SHA512
  
  dacc35016cd779acba7e8990b3fea02675086c456f899916714e5eccea04c93b2e9f3db11696bec810e27a6ca693d5060b59ec2cee412d5800a764fae49cd57b
- SSDEEP
  
  24576:P3I4svz6qwqSzE5COV+jpiyf4ujQDG5v74WW0:PklwvzwRSpi8Ia5vm
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2