limerat | 1e87132cbbc991fd38530ffc3a2d43e8eb62536c947dd6277d7768342133ea9b | Triage

Sharing

General

Target

199ecae9fa74c42c5dc46548596bc8bb.bin
Size

48KB
Sample

230317-h14wkseg44
MD5

88a8342e692f3e857f6c8e00911f3888
SHA1

06ce6b754bae335e2f05330e707e91a8ca772b09
SHA256

1e87132cbbc991fd38530ffc3a2d43e8eb62536c947dd6277d7768342133ea9b
SHA512

f1b8ba2d35d58c800c45d3cf05b0c18dd109af804d4c5c509666c7d8f81cf05bb99b2bfcfd9ac145929a75241fc8c518ed923ec7824d3a58b7583b68c687ff71
SSDEEP

1536:/VbqVS+SEJ/6io5ljDANFhSUUvgapGaBTiaGQIxQT6h0:dbqki/HoXjENF8UUvgGZqMx

Score

10^/10

limerat rat

Malware Config

Targets

- Target
  
  2cbf63527a0c56cf1cd265f78c2886af195b7635c8ff02c0bb02fc20f2cc1c8d.exe
- Size
  
  99KB
- MD5
  
  199ecae9fa74c42c5dc46548596bc8bb
- SHA1
  
  a62a99b8ade6b1ce411aaa7a8d3b7c34ce6e285a
- SHA256
  
  2cbf63527a0c56cf1cd265f78c2886af195b7635c8ff02c0bb02fc20f2cc1c8d
- SHA512
  
  3d522d67e624be389c0b8be227c853a7127075fa2b2e38d2457c9d4a6a287122fa9eb466497f3ef6d3bd5f7430654d7b4e4abe4bbcc244e587027f3645d1b924
- SSDEEP
  
  1536:OF4WWMJ7J+GMrFmCxuNCTwChaKExEbbaaYoOgGK:84W/Wbth5bbTmgGK
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2