limerat | e47ebff8db8445fac5e5cfa3a9cf5f3543907ac8d47066a2cbd80c00be10749d | Triage

Sharing

General

Target

Dorksearchergoldcleaned.exe
Size

24KB
Sample

230513-2sasbahf49
MD5

d2cafbe0dee8df78fa2928c5d3f54431
SHA1

bb9e7210d46f983c99e983042ef69c1483354a43
SHA256

e47ebff8db8445fac5e5cfa3a9cf5f3543907ac8d47066a2cbd80c00be10749d
SHA512

41f109e151e13bcb75820beb19686c95314a958dd16da63a4b3d0e6a8b722644a7b074d57b81b84be723fed5515b7b5912107633944b5158886f4eca6a825043
SSDEEP

384:v0eG+mRytj6nmBSwinqm9JmcpCd9vDuNrCeJEomNc+ro3lcbzdYDWn:JjDSwinhJmcpakeN24ZYI

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Wallets

1Jyrji1JwM6wcv9w6E7GWRUfBt8VyAu6g1

Attributes

aes_key
elprofessor
antivm
true
c2_url
https://pastebin.com/raw/H6K0uUqr
delay
3
download_payload
true
install
true
install_name
Dork searcher gold.exe
main_folder
AppData
pin_spread
true
sub_folder
\
usb_spread
true

Targets

- Target
  
  Dorksearchergoldcleaned.exe
- Size
  
  24KB
- MD5
  
  d2cafbe0dee8df78fa2928c5d3f54431
- SHA1
  
  bb9e7210d46f983c99e983042ef69c1483354a43
- SHA256
  
  e47ebff8db8445fac5e5cfa3a9cf5f3543907ac8d47066a2cbd80c00be10749d
- SHA512
  
  41f109e151e13bcb75820beb19686c95314a958dd16da63a4b3d0e6a8b722644a7b074d57b81b84be723fed5515b7b5912107633944b5158886f4eca6a825043
- SSDEEP
  
  384:v0eG+mRytj6nmBSwinqm9JmcpCd9vDuNrCeJEomNc+ro3lcbzdYDWn:JjDSwinhJmcpakeN24ZYI
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2