limerat | 700043106c930b06fa9ea4a403ca0929bacb82e1c7bd6abaa522b3c207270871 | Triage

Sharing

General

Target

700043106c930b06fa9ea4a403ca0929bacb82e1c7bd6abaa522b3c207270871
Size

335KB
Sample

230311-j7j1esgh99
MD5

9268b0a4743de79dc5a13bbc110d7625
SHA1

3813eae8baea870a0b9865a8bd73100e6ec57b70
SHA256

700043106c930b06fa9ea4a403ca0929bacb82e1c7bd6abaa522b3c207270871
SHA512

00631eb1b86c38850efc334d94bb78d3dd1259284386e9b28c04f2362db9554fece5e55492f01f6aa7fae1aa1c80c2974aba0b5fe93797dccdff2291b8363634
SSDEEP

6144:m+b24Srv5ztq9fq2OlioP8fZCbWpg505a:nbT8tg7OlioPWzpb

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
1234
antivm
false
c2_url
https://pastebin.com/raw/0VLKT4kX
delay
3
download_payload
false
install
false
install_name
Windows Compatibility Assistant.exe
main_folder
AppData
pin_spread
false
sub_folder
\
usb_spread
false

Targets

- Target
  
  700043106c930b06fa9ea4a403ca0929bacb82e1c7bd6abaa522b3c207270871
- Size
  
  335KB
- MD5
  
  9268b0a4743de79dc5a13bbc110d7625
- SHA1
  
  3813eae8baea870a0b9865a8bd73100e6ec57b70
- SHA256
  
  700043106c930b06fa9ea4a403ca0929bacb82e1c7bd6abaa522b3c207270871
- SHA512
  
  00631eb1b86c38850efc334d94bb78d3dd1259284386e9b28c04f2362db9554fece5e55492f01f6aa7fae1aa1c80c2974aba0b5fe93797dccdff2291b8363634
- SSDEEP
  
  6144:m+b24Srv5ztq9fq2OlioP8fZCbWpg505a:nbT8tg7OlioPWzpb
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2