limerat

Sharing

Copy URL

Twitter E-mail

General

Target

Sin confirmar 827088.zip
Size

2.0MB
Sample

230319-n7wfnsgc38
MD5

9ee9f9b54847b9cab614116417301a5c
SHA1

0ca9debf5cee5285a8e58e1b66ca36446dd3619f
SHA256

85e6f154baa5c3d5dcbf1b16ed811bbf643582b194d22aaeb440195640d881dd
SHA512

657c808b6bd619e08ae7f486e55573e765b750b90d06c0bcdf06b3253eab989c203023b6ba7a97f9421f7d1043267cd8c8b704226be11374f847a58d852cd1e3
SSDEEP

49152:6YZIWpfqNPltOBEZqdSVrRT2xwGEuU301GuLnqQJHj:6YGVtgshIZzI01G8lBj

Score

10^/10

limerat rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://6.top4top.net/p_13529t6r71.jpg

Targets

- Target
  
  Netflix Checker by GOD Cracked By GM`ka/AntiCaptcha.dll
- Size
  
  14KB
- MD5
  
  595cb3cd2f929a641391a529219a2f75
- SHA1
  
  7a81ae150abb01ac22386eb00754d192e00e72fc
- SHA256
  
  dffd4a411f58232d32b1df1a2b4f2b73b611d01f98fee8346d3a3211cfeaa3c2
- SHA512
  
  bd7bf802161f9c3c025730fed4e6df9ac1b6aee4d07867892d3116c7f4a77763c490a28d53c988adb1b73741b4e7f914ae58141f8495e2d84c8228e01cf9b21b
- SSDEEP
  
  384:2Fg3puWneknQn1j5SeuWjEpGHdpbzeeHe:2mpeknQn7nHd+
Score

1^/10
behavioral1 behavioral2
- Target
  
  Netflix Checker by GOD Cracked By GM`ka/Netflix by GOD Cracked By GM`ka.exe
- Size
  
  184KB
- MD5
  
  aa3bb11ee0c84761496dfdb9e6e5b63f
- SHA1
  
  8abbf52400836f9e2cc8695f31a44398f0a8a220
- SHA256
  
  4b4be96ea88ab429172e0ff04475179478f7afd2784ec0a07ae4bc78b2104d3a
- SHA512
  
  3643410c32ccb5202c1bbb8cf79f65bcb7accd36cce45672eacd71c051a2b7e0f253bd18979ac68d91b2272b6666d10916788bf9d340abd660b0f42144dc44d9
- SSDEEP
  
  1536:SX4ljePvu7ZTJqCgiv/RbgyPnY9dF0IaJZI6huB2vtChPw:SX4ljH/q4bg4nY9dt2vtChPw
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  Netflix Checker by GOD Cracked By GM`ka/ProxySocket.dll
- Size
  
  20KB
- MD5
  
  13f842ac397885c4e647ec35f2ab79e5
- SHA1
  
  a308f78c09101a2c171aac9dcb5f85566470d095
- SHA256
  
  851e924110ba3ff3dcd8c894d9c264a1aa3715aaed36e5ef4e320a73d3451a16
- SHA512
  
  acc6cd577ceeb585aa3915d06ed7205090071f8b8fd63419285828a8a4a57a16ff19eff0e10c3b78468af3d7fc2873143f57e1d327ecbae45cf789786a77a670
- SSDEEP
  
  384:h9nPpirOVzCa5gTfOYn4U5L/QFwRqp6s6AR3U8ci+AtbedGnjaHIe:FgT4SDUHwAFUx1AtS60Ie
Score

1^/10
behavioral5 behavioral6
- Target
  
  Netflix Checker by GOD Cracked By GM`ka/bcastdvr.proxy.dll
- Size
  
  127KB
- MD5
  
  eb1e9d853b3a71f8db7de8a1ee04a757
- SHA1
  
  175e1d12d7a6466c844d0e6551a90554b1f9c50c
- SHA256
  
  610ab0b7bee791a97e1ebb78a71897adcdad3e1db53598a1e1fba0b3cae624c3
- SHA512
  
  8987c9afa386f1fe0c54efb7f93e5abe49055568899c16625bb37f8bec4872627b159f2a7c1002b1980e29dcf6ea0757058882e73ce533f1dbf9546f6cbbd283
- SSDEEP
  
  3072:7/5xT3o7aTOPun5L6L3QP0YUj1rZlXw4qw0+Aqd6m/l8zVE37MTGEmVQkpc6mfFO:uxeF6
Score

1^/10
behavioral7 behavioral8
- Target
  
  Netflix Checker by GOD Cracked By GM`ka/msacm32.dll
- Size
  
  91KB
- MD5
  
  67705d9f5cc5b1b5369020db75a96cca
- SHA1
  
  361570bd4996035fae9a00643e2702af71c20258
- SHA256
  
  a81f6c00abb9f93e087e7cc327152548d48ac41e4e87b641d35de9ee9c32c428
- SHA512
  
  9daeb80668c3fb6ef30d7cd3ef0dc299f88ee4c00ce0abe6ccc21c345102e4a1b7584b25da8a90b2d7126df3da42fc0704db9a32f3da0a3d456a03d0e821f1e0
- SSDEEP
  
  1536:ifCbzJH52ngXggYD/Yi3oMfZCV75h4zlQKw2xLGO3qnjG7pPzsk:ieVkgYDAi3omMVhcl7CO6njGV7H
Score

1^/10
behavioral10 behavioral9
- Target
  
  Netflix Checker by GOD Cracked By GM`ka/xNet/AntiCaptcha.dll
- Size
  
  14KB
- MD5
  
  595cb3cd2f929a641391a529219a2f75
- SHA1
  
  7a81ae150abb01ac22386eb00754d192e00e72fc
- SHA256
  
  dffd4a411f58232d32b1df1a2b4f2b73b611d01f98fee8346d3a3211cfeaa3c2
- SHA512
  
  bd7bf802161f9c3c025730fed4e6df9ac1b6aee4d07867892d3116c7f4a77763c490a28d53c988adb1b73741b4e7f914ae58141f8495e2d84c8228e01cf9b21b
- SSDEEP
  
  384:2Fg3puWneknQn1j5SeuWjEpGHdpbzeeHe:2mpeknQn7nHd+
Score

1^/10
behavioral11 behavioral12
- Target
  
  Netflix Checker by GOD Cracked By GM`ka/xNet/Ionic.Zip.dll
- Size
  
  480KB
- MD5
  
  f6933bf7cee0fd6c80cdf207ff15a523
- SHA1
  
  039eeb1169e1defe387c7d4ca4021bce9d11786d
- SHA256
  
  17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
- SHA512
  
  88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
- SSDEEP
  
  6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score

1^/10
behavioral13 behavioral14
- Target
  
  Netflix Checker by GOD Cracked By GM`ka/xNet/ProxySocket.dll
- Size
  
  20KB
- MD5
  
  13f842ac397885c4e647ec35f2ab79e5
- SHA1
  
  a308f78c09101a2c171aac9dcb5f85566470d095
- SHA256
  
  851e924110ba3ff3dcd8c894d9c264a1aa3715aaed36e5ef4e320a73d3451a16
- SHA512
  
  acc6cd577ceeb585aa3915d06ed7205090071f8b8fd63419285828a8a4a57a16ff19eff0e10c3b78468af3d7fc2873143f57e1d327ecbae45cf789786a77a670
- SSDEEP
  
  384:h9nPpirOVzCa5gTfOYn4U5L/QFwRqp6s6AR3U8ci+AtbedGnjaHIe:FgT4SDUHwAFUx1AtS60Ie
Score

1^/10
behavioral15 behavioral16
- Target
  
  Netflix Checker by GOD Cracked By GM`ka/xNet/bcastdvr.proxy.dll
- Size
  
  127KB
- MD5
  
  eb1e9d853b3a71f8db7de8a1ee04a757
- SHA1
  
  175e1d12d7a6466c844d0e6551a90554b1f9c50c
- SHA256
  
  610ab0b7bee791a97e1ebb78a71897adcdad3e1db53598a1e1fba0b3cae624c3
- SHA512
  
  8987c9afa386f1fe0c54efb7f93e5abe49055568899c16625bb37f8bec4872627b159f2a7c1002b1980e29dcf6ea0757058882e73ce533f1dbf9546f6cbbd283
- SSDEEP
  
  3072:7/5xT3o7aTOPun5L6L3QP0YUj1rZlXw4qw0+Aqd6m/l8zVE37MTGEmVQkpc6mfFO:uxeF6
Score

1^/10
behavioral17 behavioral18
- Target
  
  Netflix Checker by GOD Cracked By GM`ka/xNet/msacm32.dll
- Size
  
  91KB
- MD5
  
  67705d9f5cc5b1b5369020db75a96cca
- SHA1
  
  361570bd4996035fae9a00643e2702af71c20258
- SHA256
  
  a81f6c00abb9f93e087e7cc327152548d48ac41e4e87b641d35de9ee9c32c428
- SHA512
  
  9daeb80668c3fb6ef30d7cd3ef0dc299f88ee4c00ce0abe6ccc21c345102e4a1b7584b25da8a90b2d7126df3da42fc0704db9a32f3da0a3d456a03d0e821f1e0
- SSDEEP
  
  1536:ifCbzJH52ngXggYD/Yi3oMfZCV75h4zlQKw2xLGO3qnjG7pPzsk:ieVkgYDAi3omMVhcl7CO6njGV7H
Score

1^/10
behavioral19 behavioral20
- Target
  
  Netflix Checker by GOD Cracked By GM`ka/xNet/procs.exe
- Size
  
  1.7MB
- MD5
  
  98bfaca19a9ae44bb60fbc3e98e54d09
- SHA1
  
  e2f100fc3eb808fe26cdc26327920293c1272cab
- SHA256
  
  a0e92f4093a2238cd10451cb37932acbfe2ccdddedb7106b9faaa22fadf582e3
- SHA512
  
  d8b5abdb9692f54a512d53589537bb8b4aa489443ef7ae77aede69d5c1510a32ce2508eeca1ff50898fb2305151c53b9f03449dac9a75b4ea8aa370a324f4fbe
- SSDEEP
  
  49152:Cl1b5zTZ5YfiyFc7Eno6T2te21ZkWQ5XK9Ey5:CdzxCzfTOe2k5amW
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral21 behavioral22

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

LimeRAT

Blocklisted process makes network request

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22