limerat | 7859740232ba30c9e00dc78a71cfc0a75f16aa571059cf02df31029c0bb85319 | Triage

Sharing

General

Target

7859740232ba30c9e00dc78a71cfc0a75f16aa571059cf02df31029c0bb85319
Size

355KB
Sample

230129-wxqrfaab2x
MD5

24987b39b8a846d660c278b90f4b65f1
SHA1

84b4dd54c7de1e8de38ecc60402fbc4499b28993
SHA256

7859740232ba30c9e00dc78a71cfc0a75f16aa571059cf02df31029c0bb85319
SHA512

44347c6c76e7fdf1725fbfc65e68fb522cb8475eb2627c3b303a747b27538ec6e61a566d389b4c3c4ac8df6202c8a177418765630ec4ca81976c2e5f72bf6b23
SSDEEP

1536:QVG2xYc42Lcimnw6RVE+ZNh5hnf+TcTQ282wZtdc:CGxc42Xm3RT1MBZH

Score

10^/10

limerat rat

Malware Config

Targets

- Target
  
  7859740232ba30c9e00dc78a71cfc0a75f16aa571059cf02df31029c0bb85319
- Size
  
  355KB
- MD5
  
  24987b39b8a846d660c278b90f4b65f1
- SHA1
  
  84b4dd54c7de1e8de38ecc60402fbc4499b28993
- SHA256
  
  7859740232ba30c9e00dc78a71cfc0a75f16aa571059cf02df31029c0bb85319
- SHA512
  
  44347c6c76e7fdf1725fbfc65e68fb522cb8475eb2627c3b303a747b27538ec6e61a566d389b4c3c4ac8df6202c8a177418765630ec4ca81976c2e5f72bf6b23
- SSDEEP
  
  1536:QVG2xYc42Lcimnw6RVE+ZNh5hnf+TcTQ282wZtdc:CGxc42Xm3RT1MBZH
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2