General
Target: 5864c4d4d644e97124735542eefad82cee2db1bc1626d2d0c719c779d1e005d0
Size: 147KB
Sample: 230129-x6p2yacc7x
MD5: 2b6e9f65f812cb58554ef8e64fc37943
SHA1: c4dff76fb2ed2519300bd163ea62151d9e332651
SHA256: 5864c4d4d644e97124735542eefad82cee2db1bc1626d2d0c719c779d1e005d0
SHA512: f63eba0d085d84bde238fa5635cde2bebcc965cd562e03f0aaaa81ddedbc8fc7f0b6d63530749b72a388d2fd22f8460c4f0355a2d626c27fe583c523d1d6d8c7
SSDEEP: 3072:nz3gmOEzjQOM4rXiMrz7wuk730Xshb+jWi4nJG2FDzI:nTbBYOHLiM8T730jyHJG
Static task: static1
Behavioral task: behavioral1
Sample: 5864c4d4d644e97124735542eefad82cee2db1bc1626d2d0c719c779d1e005d0.exe
Resource: win7-20221111-en
Malware Config
Extracted: limerat
aes_key: IRj3SceatjDfweW/qMMw7g==
antivm: true
c2_url: https://pastebin.com/raw/Jpq3By4t
delay: 3
download_payload: false
install: true
install_name: Audio Realtek Driver.exe
main_folder: AppData
pin_spread: false
sub_folder: \Audio Realtek Driver\
usb_spread: false
Targets
Target: 5864c4d4d644e97124735542eefad82cee2db1bc1626d2d0c719c779d1e005d0
Size: 147KB
MD5: 2b6e9f65f812cb58554ef8e64fc37943
SHA1: c4dff76fb2ed2519300bd163ea62151d9e332651
SHA256: 5864c4d4d644e97124735542eefad82cee2db1bc1626d2d0c719c779d1e005d0
SHA512: f63eba0d085d84bde238fa5635cde2bebcc965cd562e03f0aaaa81ddedbc8fc7f0b6d63530749b72a388d2fd22f8460c4f0355a2d626c27fe583c523d1d6d8c7
SSDEEP: 3072:nz3gmOEzjQOM4rXiMrz7wuk730Xshb+jWi4nJG2FDzI:nTbBYOHLiM8T730jyHJG
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext