General

  • Target

    0x000a000000015603-57.dat

  • Size

    28KB

  • Sample

    231120-ryzcrage79

  • MD5

    ab9502a920271fd1cf060f388a45fcd0

  • SHA1

    c7292f1d76eae037d3ea5dbbc171eee21bc944d8

  • SHA256

    e0fb281db34b9fa35971cb1af42175d6b5650c46f261771361a1aeed70565787

  • SHA512

    7fcf30539e0cf74d4f27904c4205d0d8fd209ffec2ca97fdd1277c3096e1dc8c910ce239b7bd622d4275d4ea24f5be2ca0ae6a3a2687e492fd7774712c620452

  • SSDEEP

    384:VB+Sbj6NKGBG6N9AHNOkQrQqDRc84JvDKNrCeJE3WNgX/7RQ2Qro3lcqsdsjr:PpGM6N9wNcc84B45NQT/f1j

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    devil

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/rPy10VvM

  • delay

    3

  • download_payload

    false

  • install

    true

  • install_name

    Windows Session Manager.exe

  • main_folder

    AppData

  • pin_spread

    false

  • sub_folder

    \Windows\

  • usb_spread

    false

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/rPy10VvM

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      0x000a000000015603-57.dat

    • Size

      28KB

    • MD5

      ab9502a920271fd1cf060f388a45fcd0

    • SHA1

      c7292f1d76eae037d3ea5dbbc171eee21bc944d8

    • SHA256

      e0fb281db34b9fa35971cb1af42175d6b5650c46f261771361a1aeed70565787

    • SHA512

      7fcf30539e0cf74d4f27904c4205d0d8fd209ffec2ca97fdd1277c3096e1dc8c910ce239b7bd622d4275d4ea24f5be2ca0ae6a3a2687e492fd7774712c620452

    • SSDEEP

      384:VB+Sbj6NKGBG6N9AHNOkQrQqDRc84JvDKNrCeJE3WNgX/7RQ2Qro3lcqsdsjr:PpGM6N9wNcc84B45NQT/f1j

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks