Overview

overview

10

Static

static

10

New-Client.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    49s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-07-2023 19:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New-Client.exe

  • Size

    28KB

  • MD5

    7595d2720aa7240588903df1a84bc840

  • SHA1

    0fab07f7b35249abb58baf70530c068bcfa18b78

  • SHA256

    4f35e245a543eb6888dd7d2d3cd32be839d7925b857d78d3721999c383bb9dbd

  • SHA512

    f874d27d928fa32e2addd92e17984b7fa91d1d972b3777b8ee7c84812530c4e306850896398d220aa136a1fb031eae0498795ad3ac6bb014489a7ecab4333269

  • SSDEEP

    384:cB+Sbj6NKGnD6N9AHNkAeqDTqfGloavDKNrCeJE3WNgjz9DQWaRQro3lcVObsjr:6pGD6N9wN9qfGa445NwZQWS6j

Score
10/10
limeratrat

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    123

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/bCzwnKS8

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Signatures

  • LimeRAT

    Simple yet powerful RAT for Windows machines written in .NET.

    ratlimerat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\New-Client.exe
    "C:\Users\Admin\AppData\Local\Temp\New-Client.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4788-134-0x0000000000090000-0x000000000009C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4788-135-0x00000000752C0000-0x0000000075A70000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4788-136-0x0000000004A90000-0x0000000004B2C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4788-137-0x0000000004B50000-0x0000000004BB6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4788-138-0x0000000004C90000-0x0000000004CA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4788-139-0x0000000005850000-0x0000000005DF4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4788-140-0x00000000752C0000-0x0000000075A70000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4788-141-0x0000000004C90000-0x0000000004CA0000-memory.dmp

    Filesize

    64KB

    Download