General

  • Target

    bypassr.zip

  • Size

    7.2MB

  • Sample

    230828-3k4k4agg34

  • MD5

    25f7f0fdeade09d59437cb4542b51797

  • SHA1

    5ba233ef6a9b8b72b47e2c54ebe1bf37f6edee9b

  • SHA256

    71ad9a065ac0bcabd414ce51436734299c56407829dbf2565c17aa4a2571098a

  • SHA512

    6b12bce4cf2acd45152a415a108004fbab817cfa1cd430abfb00896480cf503a129b7d43d8c73e6274d8d3e4c874a1eb09def02bd33a9f64ee2fc3a27a482e03

  • SSDEEP

    196608:50G9HgsgAo73D3ftpinX+0byy7hu26nyLne:/9zg3Dvtpau0byy7hu26yLe

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    88990

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/jQFt05XM

  • delay

    3

  • download_payload

    false

  • install

    true

  • install_name

    Steam.exe

  • main_folder

    AppData

  • pin_spread

    true

  • sub_folder

    \

  • usb_spread

    true

Targets

    • Target

      bypasser.exe

    • Size

      7.4MB

    • MD5

      3ebb2e6a2284b96fd6214a9c97ccbdcd

    • SHA1

      10c14165a613285b52bc877f1e91ea5bb582d4b1

    • SHA256

      d71d22e6710f0b8861a41a42acd5d7aab239e55085517580590990619f25218b

    • SHA512

      5543e836d58b2b2fe2afcf13b18752cf95d1550e26893760baf5d7e27719df002973dd56b0b76ccd20e2267525fe83a40ee6fa9d3353081c9cee7037c2cb6219

    • SSDEEP

      196608:yfPuN4FMIZETSwjPePdrQJ/BNOqpYPv1:bQETSwvJHOqpi1

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
