limerat | d1cec3fef368c66fd21ccdc2aacff88ab8bd1517c8765c44074b13c833e39cef | Triage

Sharing

General

Target

d1cec3fef368c66fd21ccdc2aacff88ab8bd1517c8765c44074b13c833e39cef
Size

28KB
Sample

230908-r4tz8acf79
MD5

93bafe094ecbdbdb6fb425b699de95b7
SHA1

dc2883aed46aea8b44e3fbc8482fa3332b8129b3
SHA256

d1cec3fef368c66fd21ccdc2aacff88ab8bd1517c8765c44074b13c833e39cef
SHA512

631aa5f7f6da70233404419c5714618a690766aede518ceca5d45b9aa9053417748610699fb6120f10644fe7df79459b6ae820402213e43ad26a53420f7e8728
SSDEEP

384:pB+Sbj6NKYBSs6/DAH9CXYqDNQWFs5R3pqvDKNrCeJE3WNgnyzE3384GMy8lCEQ3:DpYBP6/Dw9INa5R3po45NLE8IJAj

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
1
antivm
true
c2_url
https://pastebin.com/raw/5pYdnMzj
delay
3
download_payload
false
install
true
install_name
services64.exe
main_folder
AppData
pin_spread
true
sub_folder
\Microsoft\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/5pYdnMzj
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  d1cec3fef368c66fd21ccdc2aacff88ab8bd1517c8765c44074b13c833e39cef
- Size
  
  28KB
- MD5
  
  93bafe094ecbdbdb6fb425b699de95b7
- SHA1
  
  dc2883aed46aea8b44e3fbc8482fa3332b8129b3
- SHA256
  
  d1cec3fef368c66fd21ccdc2aacff88ab8bd1517c8765c44074b13c833e39cef
- SHA512
  
  631aa5f7f6da70233404419c5714618a690766aede518ceca5d45b9aa9053417748610699fb6120f10644fe7df79459b6ae820402213e43ad26a53420f7e8728
- SSDEEP
  
  384:pB+Sbj6NKYBSs6/DAH9CXYqDNQWFs5R3pqvDKNrCeJE3WNgnyzE3384GMy8lCEQ3:DpYBP6/Dw9INa5R3po45NLE8IJAj
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2