limerat | 51a36cbd556bcca8b3df6c7ef59e561a2e1a0672abe2033e87712958b07275bd | Triage

Sharing

General

Target

51a36cbd556bcca8b3df6c7ef59e561a2e1a0672abe2033e87712958b07275bd
Size

764KB
Sample

230311-j6xj5agh98
MD5

cac78b51b4ae8c359115955f5611f2a5
SHA1

7f5f6600ba423235b87beb9d47239edc4bbbce48
SHA256

51a36cbd556bcca8b3df6c7ef59e561a2e1a0672abe2033e87712958b07275bd
SHA512

85e176cde37e66728da1e9aeb641ef06ed67b41b95c1cbc4b8c8fcb2411e3632784f1a023acb07aac2363944433767fc044acb1986a83478d658db54f6177b91
SSDEEP

12288:kIAAhJZaF75GF2ibA6Sm/HO5J9MdpNNR36UH+4ahldt8VU2EfPrHLEgkMnJ6PMWT:LAxb8AJovPR36UH+4C6u2E3TzwBT

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Wallets

1LLUV51XQKqq94X965Cc6uGPXeZEGSqCdV

Attributes

aes_key
NYANCAT
antivm
false
c2_url
https://pastebin.com/raw/4pByu6u5
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
AppData
pin_spread
false
sub_folder
\
usb_spread
true

Targets

- Target
  
  51a36cbd556bcca8b3df6c7ef59e561a2e1a0672abe2033e87712958b07275bd
- Size
  
  764KB
- MD5
  
  cac78b51b4ae8c359115955f5611f2a5
- SHA1
  
  7f5f6600ba423235b87beb9d47239edc4bbbce48
- SHA256
  
  51a36cbd556bcca8b3df6c7ef59e561a2e1a0672abe2033e87712958b07275bd
- SHA512
  
  85e176cde37e66728da1e9aeb641ef06ed67b41b95c1cbc4b8c8fcb2411e3632784f1a023acb07aac2363944433767fc044acb1986a83478d658db54f6177b91
- SSDEEP
  
  12288:kIAAhJZaF75GF2ibA6Sm/HO5J9MdpNNR36UH+4ahldt8VU2EfPrHLEgkMnJ6PMWT:LAxb8AJovPR36UH+4C6u2E3TzwBT
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2