limerat | 7a0fa7427224a98c57c65175eff4d069d4776e8aa3e2ba84f1ac53c169548ae8 | Triage

Submit
Reports

Overview

overview

Static

static

3

7a0fa74272...e8.exe

windows10-1703-x64

Sharing

General

Target

7a0fa7427224a98c57c65175eff4d069d4776e8aa3e2ba84f1ac53c169548ae8.com
Size

54.1MB
Sample

230707-n7ne3agg82
MD5

e1c8233b71f5b4befa0605a036c2439f
SHA1

3c1ed3b56c662706f8817e62cd2f9c4466596d9a
SHA256

7a0fa7427224a98c57c65175eff4d069d4776e8aa3e2ba84f1ac53c169548ae8
SHA512

bbc838a69879244c0b28c539b35e448deae0debbab5137f03f4fc162238a4562552b994d92951e4a97f2f013d1c7ab1e137a164d459697be9a2999e9ae00bd1e
SSDEEP

786432:xp3IN1FZQYnnkx9APJ/5AqcP5fd+CjamTb6DRg8n6+JyknHomZ4CmCVC6t7XBhMH:x1IgYeAPJ/WqcpoCjHb6h6+JybD62cjW

Score

10^/10

limerat quasar windows control center rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7a0fa7427224a98c57c65175eff4d069d4776e8aa3e2ba84f1ac53c169548ae8.exe

Resource

win10-20230703-en

limerat quasar windows control center rat spyware trojan

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

limerat

Wallets

3MepjwQmfUhgUQgHqveCiWqdBpJNkLQHFn

Attributes

aes_key
password@
antivm
false
c2_url
https://pastebin.com/raw/h0JAB92p
delay
3
download_payload
true
install
true
install_name
MicrosoftWindowsServer.exe
main_folder
AppData
payload_url
https://github.com/willskate548/192/raw/main/WindowsControlCenter.exe
pin_spread
false
sub_folder
\MWS\
usb_spread
false

Extracted

Family

quasar

Version

1.4.1

Botnet

Windows Control Center

C2

5.78.110.192:6050

Mutex

f1c23f2d-02a2-44d2-92e0-6e25022fa246

Attributes

encryption_key
420F8C6982C226E94D8F49F3A9F975BFE047EFD7
install_name
WindowsControlCenter.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Control Center
subdirectory
WCC

Targets

- Target
  
  7a0fa7427224a98c57c65175eff4d069d4776e8aa3e2ba84f1ac53c169548ae8.com
- Size
  
  54.1MB
- MD5
  
  e1c8233b71f5b4befa0605a036c2439f
- SHA1
  
  3c1ed3b56c662706f8817e62cd2f9c4466596d9a
- SHA256
  
  7a0fa7427224a98c57c65175eff4d069d4776e8aa3e2ba84f1ac53c169548ae8
- SHA512
  
  bbc838a69879244c0b28c539b35e448deae0debbab5137f03f4fc162238a4562552b994d92951e4a97f2f013d1c7ab1e137a164d459697be9a2999e9ae00bd1e
- SSDEEP
  
  786432:xp3IN1FZQYnnkx9APJ/5AqcP5fd+CjamTb6DRg8n6+JyknHomZ4CmCVC6t7XBhMH:x1IgYeAPJ/WqcpoCjHb6h6+JybD62cjW
Score

10^/10

limerat quasar windows control center rat spyware trojan
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratquasarwindows control centerratspywaretrojan

© 2018-2025

Terms | Privacy