limerat | 7ad16b89dca2eb27739b917c6c5bbc36d79d9569a894f885b24123798a4e23dd | Triage

Sharing

General

Target

7ad16b89dca2eb27739b917c6c5bbc36d79d9569a894f885b24123798a4e23dd
Size

788KB
Sample

230129-x3xydaag45
MD5

ccbd4702039d93625bb570203cf02e82
SHA1

2f7ffe46081765f24c9ec249535968f6b2dad2f2
SHA256

7ad16b89dca2eb27739b917c6c5bbc36d79d9569a894f885b24123798a4e23dd
SHA512

80e7c5572f1feb44ef2b3f7265a2d03b3bfe89bcbbcfcf666bc7d627912d2fd8c59909dda805288e0570846662433a693f3ad577370ec3027bdd2d7c21c2540f
SSDEEP

6144:M+rw37ApOBEbdRjeijEfU3XYfu+xYFeHxms6lCZ6TF2GNgCnpGlbLG6faG5rzfFR:ELnjf4utUIMGlnGeaPXBhg

Score

10^/10

limerat rat

Malware Config

Targets

- Target
  
  7ad16b89dca2eb27739b917c6c5bbc36d79d9569a894f885b24123798a4e23dd
- Size
  
  788KB
- MD5
  
  ccbd4702039d93625bb570203cf02e82
- SHA1
  
  2f7ffe46081765f24c9ec249535968f6b2dad2f2
- SHA256
  
  7ad16b89dca2eb27739b917c6c5bbc36d79d9569a894f885b24123798a4e23dd
- SHA512
  
  80e7c5572f1feb44ef2b3f7265a2d03b3bfe89bcbbcfcf666bc7d627912d2fd8c59909dda805288e0570846662433a693f3ad577370ec3027bdd2d7c21c2540f
- SSDEEP
  
  6144:M+rw37ApOBEbdRjeijEfU3XYfu+xYFeHxms6lCZ6TF2GNgCnpGlbLG6faG5rzfFR:ELnjf4utUIMGlnGeaPXBhg
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2