Overview

overview

10

Static

static

10

4f35e245a5...bd.exe

windows7-x64

10

4f35e245a5...bd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-07-2023 01:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f35e245a543eb6888dd7d2d3cd32be839d7925b857d78d3721999c383bb9dbd.exe

  • Size

    28KB

  • MD5

    7595d2720aa7240588903df1a84bc840

  • SHA1

    0fab07f7b35249abb58baf70530c068bcfa18b78

  • SHA256

    4f35e245a543eb6888dd7d2d3cd32be839d7925b857d78d3721999c383bb9dbd

  • SHA512

    f874d27d928fa32e2addd92e17984b7fa91d1d972b3777b8ee7c84812530c4e306850896398d220aa136a1fb031eae0498795ad3ac6bb014489a7ecab4333269

  • SSDEEP

    384:cB+Sbj6NKGnD6N9AHNkAeqDTqfGloavDKNrCeJE3WNgjz9DQWaRQro3lcVObsjr:6pGD6N9wN9qfGa445NwZQWS6j

Score
10/10
limeratrat

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    123

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/bCzwnKS8

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Signatures

  • LimeRAT

    Simple yet powerful RAT for Windows machines written in .NET.

    ratlimerat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f35e245a543eb6888dd7d2d3cd32be839d7925b857d78d3721999c383bb9dbd.exe
    "C:\Users\Admin\AppData\Local\Temp\4f35e245a543eb6888dd7d2d3cd32be839d7925b857d78d3721999c383bb9dbd.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4260-133-0x0000000074430000-0x0000000074BE0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4260-134-0x0000000000DB0000-0x0000000000DBC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4260-135-0x0000000005800000-0x000000000589C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4260-136-0x00000000058A0000-0x0000000005906000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4260-137-0x0000000001950000-0x0000000001960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4260-138-0x0000000006540000-0x0000000006AE4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4260-139-0x0000000074430000-0x0000000074BE0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4260-140-0x0000000001950000-0x0000000001960000-memory.dmp

    Filesize

    64KB

    Download