Overview

overview

10

Static

static

10

22c74adf03...d9.exe

windows7-x64

10

22c74adf03...d9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2023 21:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22c74adf03e49db1dfab9216566d4ed9.exe

  • Size

    28KB

  • MD5

    22c74adf03e49db1dfab9216566d4ed9

  • SHA1

    7b0f06fe3512717632b943be8ca3445e915f62d2

  • SHA256

    6d28fe68df58ab9121992fdcfba660bac50108c9ea9fd786a8dc3611b4f60289

  • SHA512

    b9bd0ecb294c192e2b235a51397c3157617d2a59f60bd533ff59a9a33b6e7d3140585e9c725a685f04006d7d122ca301f40cc62301527d34eb99a5bcbc13b55d

  • SSDEEP

    384:7B+Sbj6NKZYvR62u3AHtIEUqDXOe+y14vDKNrCeJE3WNgPe5FtosBAzQro3lcBGQ:lpZYZ62u3wtzOe+2W45NdisBeuj

Score
10/10
limeratrat

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    4545

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/rTiY1HLu

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Signatures

  • LimeRAT

    Simple yet powerful RAT for Windows machines written in .NET.

    ratlimerat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22c74adf03e49db1dfab9216566d4ed9.exe
    "C:\Users\Admin\AppData\Local\Temp\22c74adf03e49db1dfab9216566d4ed9.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4932

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4932-133-0x00000000009F0000-0x00000000009FC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4932-134-0x0000000005380000-0x000000000541C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4932-135-0x0000000005460000-0x00000000054C6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4932-136-0x00000000055E0000-0x00000000055F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4932-137-0x0000000006060000-0x0000000006604000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4932-138-0x00000000055E0000-0x00000000055F0000-memory.dmp

    Filesize

    64KB

    Download