limerat | 988b8a7e213e9f51aaa6b224d358980d069b0ea40e86dd7dd53fbacaef38cbac | Triage

Sharing

General

Target

NewClientexeexeexeexeexee.exe
Size

25KB
Sample

230709-j6rnwacc5t
MD5

4347e22b925cb84a77f9efbcd93127b8
SHA1

dd2795bf3fe8d5de291fb136e56101fd79433f2d
SHA256

988b8a7e213e9f51aaa6b224d358980d069b0ea40e86dd7dd53fbacaef38cbac
SHA512

d01371a3b6b81ed57527e5e689c6a3a83ec9bb515abdee94b3ea3a9bd6fe138da8f0cbaa34c7ff3724d4e57f477579842d15fd6e49e30d743cdc9cde32b20146
SSDEEP

384:9B+Sbj6NK8R+6VFAHdkaIh34EnWb5j4kDhlzCTJEUmNYEYQro3lcvC8sjr:Xp8E6VFwdqaE+RHtN8Dj

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
shouldvelistened
antivm
false
c2_url
https://pastebin.com/raw/X4egnDWF
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
UserProfile
pin_spread
false
sub_folder
\
usb_spread
false

Targets

- Target
  
  NewClientexeexeexeexeexee.exe
- Size
  
  25KB
- MD5
  
  4347e22b925cb84a77f9efbcd93127b8
- SHA1
  
  dd2795bf3fe8d5de291fb136e56101fd79433f2d
- SHA256
  
  988b8a7e213e9f51aaa6b224d358980d069b0ea40e86dd7dd53fbacaef38cbac
- SHA512
  
  d01371a3b6b81ed57527e5e689c6a3a83ec9bb515abdee94b3ea3a9bd6fe138da8f0cbaa34c7ff3724d4e57f477579842d15fd6e49e30d743cdc9cde32b20146
- SSDEEP
  
  384:9B+Sbj6NK8R+6VFAHdkaIh34EnWb5j4kDhlzCTJEUmNYEYQro3lcvC8sjr:Xp8E6VFwdqaE+RHtN8Dj
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2