Overview

overview

10

Static

static

10

22df9b6c3a...5f.exe

windows7-x64

10

22df9b6c3a...5f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-07-2023 15:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22df9b6c3a71b8dbbdef5d5bd09e445f.exe

  • Size

    28KB

  • MD5

    22df9b6c3a71b8dbbdef5d5bd09e445f

  • SHA1

    0fdb02616c74e6eca4535d7b160a2e16a3e79943

  • SHA256

    024cce95a63124cd3cbfe3f21fbacf8437fd288717fce379006064aa2a97641e

  • SHA512

    2ada99e227f30c10453d588bbb6b40bdff55825a36bf5fcc16df084dbdca069e6cc0ac6aa612addd0393f8dc8751b3efc1c9626e2d78459faf9d348d1f46aaf3

  • SSDEEP

    384:IB+Sbj6NKDRW16lVAH9BYVizqDyevPUQOvDKNrCeJE3WNgDnPr0ob7TyXUq7ZQrm:2pD06lVw9tc8QE45NknIgTyEql4Kj

Score
10/10
limeratrat

Malware Config

Extracted

Family

limerat

Wallets

1B5aLZh6psoQttLGn9tpbdibiWqzyh4Jfv

Attributes
  • aes_key

    NYANCAT

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/LJe9sUk5

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    true

Signatures

  • LimeRAT

    Simple yet powerful RAT for Windows machines written in .NET.

    ratlimerat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22df9b6c3a71b8dbbdef5d5bd09e445f.exe
    "C:\Users\Admin\AppData\Local\Temp\22df9b6c3a71b8dbbdef5d5bd09e445f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1296

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1296-133-0x0000000000650000-0x000000000065C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1296-134-0x00000000747D0000-0x0000000074F80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1296-135-0x0000000004FD0000-0x000000000506C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/1296-136-0x0000000005090000-0x00000000050F6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1296-137-0x00000000051B0000-0x00000000051C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1296-138-0x0000000005E30000-0x00000000063D4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1296-139-0x0000000006580000-0x0000000006612000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1296-140-0x00000000747D0000-0x0000000074F80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1296-141-0x00000000051B0000-0x00000000051C0000-memory.dmp

    Filesize

    64KB

    Download