General
-
Target
a62bf59b6bf0f1cbfeb62dc7b3270467b8ff9c8fc05a37c4ee1753153817a4d0
-
Size
32KB
-
Sample
230311-j7p7faha23
-
MD5
08346bf7d40e477a1e649e04363b1afb
-
SHA1
8261511a0be205fe7e83d0ec1f8cdb2e793cc9cd
-
SHA256
a62bf59b6bf0f1cbfeb62dc7b3270467b8ff9c8fc05a37c4ee1753153817a4d0
-
SHA512
449d2a6d2e4a2b6f6277514177ba5ee6729ee6322134cd8af733bc24ef7c612a158bc51ca2e2524ccb2f17135e639573bf8ce76129cfc9d5886ec8723d4d4d9e
-
SSDEEP
384:mQB+Sbj6NKFRW16lVAH9FYViqqD+VsQXLvDKNrCeJE3WNgRQH6d4J4OQro3lcMxQ:rpF06lVw9qmQX745Nhq04j
Malware Config
Extracted
limerat
1EogL1YUsV2QZTZjvYtV8ZVSDDXLGBGPRi
-
aes_key
user
-
antivm
false
-
c2_url
https://pastebin.com/raw/g0ZuQHkL
-
delay
3
-
download_payload
false
-
install
true
-
install_name
Wservices.exe
-
main_folder
AppData
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Targets
-
-
Target
a62bf59b6bf0f1cbfeb62dc7b3270467b8ff9c8fc05a37c4ee1753153817a4d0
-
Size
32KB
-
MD5
08346bf7d40e477a1e649e04363b1afb
-
SHA1
8261511a0be205fe7e83d0ec1f8cdb2e793cc9cd
-
SHA256
a62bf59b6bf0f1cbfeb62dc7b3270467b8ff9c8fc05a37c4ee1753153817a4d0
-
SHA512
449d2a6d2e4a2b6f6277514177ba5ee6729ee6322134cd8af733bc24ef7c612a158bc51ca2e2524ccb2f17135e639573bf8ce76129cfc9d5886ec8723d4d4d9e
-
SSDEEP
384:mQB+Sbj6NKFRW16lVAH9FYViqqD+VsQXLvDKNrCeJE3WNgRQH6d4J4OQro3lcMxQ:rpF06lVw9qmQX745Nhq04j
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-