Overview

overview

10

Static

static

10

New-Client.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New-Client.exe

  • Size

    28KB

  • Sample

    230320-q9yd6adg83

  • MD5

    f5ad333d2e7649b81b4b8cd1128c9eae

  • SHA1

    d3102802195c99af03cc591fd09b33ea471ac2ef

  • SHA256

    6f2986644f574dc5ec1bbe4fb2ffa19d7b41fcb11aeaf7e027c83b9101882509

  • SHA512

    547ae49a7a863fde1a0eee5ae2f8047278bbcc24fe0a8fe3a77058228aef00dbff8642e0ed7fad1bbc6a05b09f291165e30d95597849be85502ab535f9776140

  • SSDEEP

    384:vB+Sbj6NKGnD6N9AHNkADqD0nxghOFU6vDKNrCeJE3WNgYF9SuUjjQXvwQro3lcb:JpGD6N9wNpOkaY45NrGuUj8XCHij

Score
10/10
limeratrat

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    123

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/JdpXGZCA

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Targets

    • Target

      New-Client.exe

    • Size

      28KB

    • MD5

      f5ad333d2e7649b81b4b8cd1128c9eae

    • SHA1

      d3102802195c99af03cc591fd09b33ea471ac2ef

    • SHA256

      6f2986644f574dc5ec1bbe4fb2ffa19d7b41fcb11aeaf7e027c83b9101882509

    • SHA512

      547ae49a7a863fde1a0eee5ae2f8047278bbcc24fe0a8fe3a77058228aef00dbff8642e0ed7fad1bbc6a05b09f291165e30d95597849be85502ab535f9776140

    • SSDEEP

      384:vB+Sbj6NKGnD6N9AHNkADqD0nxghOFU6vDKNrCeJE3WNgYF9SuUjjQXvwQro3lcb:JpGD6N9wNpOkaY45NrGuUj8XCHij

    Score
    10/10
    limeratrat

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

      ratlimerat

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks