limerat | c9e34cc1c82394737d68098efcbd4c4f895fb4ecd7caa3d75e8b749e914412d8 | Triage

Sharing

General

Target

exlr.zip
Size

265KB
Sample

230620-qr4s8add9z
MD5

1d6c9ab3ba15cc89f2347b740a8bf314
SHA1

7b3b3e0f196008e2c6bd3dde9beeb37f03e96216
SHA256

c9e34cc1c82394737d68098efcbd4c4f895fb4ecd7caa3d75e8b749e914412d8
SHA512

746837f58be156a69c870efb9b27d1f548e10e3eb30a83acd88a2cd5498dd86757dd5afddc46d9a54b2fd3f8d842d36b90584811bf7da730176dd6ca4178e0a2
SSDEEP

6144:jcmOxtR9rMEZ+CX2ssFqU/PC2GxnGp/H3Ypv77Ie:jdOxjVMEZ+9bqsPQxGpGjse

Score

10^/10

limerat persistence rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
dorkis
antivm
true
c2_url
https://pastebin.com/raw/RPvdzvf9
delay
3
download_payload
false
install
true
install_name
Lol.exe
main_folder
AppData
pin_spread
true
sub_folder
\Discrd\
usb_spread
true

Targets

- Target
  
  22d0bc93d63a3ae7371628d0a59fe79bfa6cdcf37bb7643c80a998ed5540a6ca
- Size
  
  268KB
- MD5
  
  9ccac05dc35bc350756b65e44e55f3de
- SHA1
  
  5e296e9c4afd0bdf887b8d49c3e42bf31127cdcd
- SHA256
  
  22d0bc93d63a3ae7371628d0a59fe79bfa6cdcf37bb7643c80a998ed5540a6ca
- SHA512
  
  7a9aa256f3855088d39d0d0ebe4ba8fc4734bf2336d3a57cefceb240727b4fbbd159ee01c7da36216130c718c5dc1cda39608bacc5bc1a402a0680d7e67a80b6
- SSDEEP
  
  6144:iwKBnr5DNGAEvdl4I3FOobfrBkx9V48FpJh8uildXT/s4u:iw6dNGxvv4I3FOoXY1FNenf
Score

10^/10

limerat persistence rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratpersistencerat

behavioral2

limeratpersistencerat