Overview

overview

10

Static

static

10

New-Client.exe

windows7-x64

10

Resubmissions

24-08-2023 17:14

230824-vr7mbseb56 10

24-08-2023 17:09

230824-vn81zsfg21 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New-Client.exe

  • Size

    28KB

  • Sample

    230824-vr7mbseb56

  • MD5

    19d3bedf1ee8ae14fa8b095f3409cc11

  • SHA1

    47ec9ed3a4043721cbe3e5758b5298090bec214d

  • SHA256

    269dc2b37169735ee126b0f15a4948a642d6c4b5b45ccda620e206cc72c6047d

  • SHA512

    df199215a55b1dd0093a365b2397a6afffcd9897ed7560de69bd917fabe02668998c12339e14c619a3d4389e83b90da54ec0c48896be4ae80d66182832a650a8

  • SSDEEP

    384:0y+Sbj6NKQhW6dNAHN0s1qDIp6al2ra0JEvDKNrCeJE3WNgQavhGACeLQro3lcGJ:BpQ86dNwN56E2ra0Jq45NcZJRj

Score
10/10
limeratrat

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    65AF55741941

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/aEid41SM

  • delay

    3

  • download_payload

    false

  • install

    true

  • install_name

    Wservices.exe

  • main_folder

    AppData

  • pin_spread

    true

  • sub_folder

    \pencil\

  • usb_spread

    true

Targets

    • Target

      New-Client.exe

    • Size

      28KB

    • MD5

      19d3bedf1ee8ae14fa8b095f3409cc11

    • SHA1

      47ec9ed3a4043721cbe3e5758b5298090bec214d

    • SHA256

      269dc2b37169735ee126b0f15a4948a642d6c4b5b45ccda620e206cc72c6047d

    • SHA512

      df199215a55b1dd0093a365b2397a6afffcd9897ed7560de69bd917fabe02668998c12339e14c619a3d4389e83b90da54ec0c48896be4ae80d66182832a650a8

    • SSDEEP

      384:0y+Sbj6NKQhW6dNAHN0s1qDIp6al2ra0JEvDKNrCeJE3WNgQavhGACeLQro3lcGJ:BpQ86dNwN56E2ra0Jq45NcZJRj

    Score
    10/10
    limeratrat

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

      ratlimerat

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks