General
- Target: 641fe9f18ebb130d7a6b63ca7cc7fde7092e0a77447997009e5f23db698771e8
- Size: 760KB
- Sample: 230311-j6958aag7w
- MD5: 9f700a5aa12ce068b6d7a78ab785b17a
- SHA1: 25742162d94f4479d557fb659e3a3280d91a1580
- SHA256: 641fe9f18ebb130d7a6b63ca7cc7fde7092e0a77447997009e5f23db698771e8
- SHA512: d6a4878db5e914dfbe763ae6e1ec9007e4c710bae89a78a714adc0efd05f772668ee4bee1ad1fcd4db61613f2438d0dfd529bf91b03af50c05e98f487f880938
- SSDEEP: 12288:kIAAhJZaF75GF2ibA6Sm/HO5J9MdpNNR36UH+4ahldt8VU2EfPrHLEgkMnJ6PM6:LAxb8AJovPR36UH+4C6u2E3Tzwr

Static task: static1

Behavioral task: behavioral1
- Sample: 641fe9f18ebb130d7a6b63ca7cc7fde7092e0a77447997009e5f23db698771e8.exe
- Resource: win7-20230220-en
Malware Config
Extracted: limerat
- 1LLUV51XQKqq94X965Cc6uGPXeZEGSqCdV
- aes_key: NYANCAT
- antivm: false
- c2_url: https://pastebin.com/raw/4pByu6u5
- delay: 3
- download_payload: false
- install: false
- install_name: Wservices.exe
- main_folder: AppData
- pin_spread: false
- sub_folder: \
- usb_spread: true
Targets
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext