General

  • Target

    ab9cdcc91e38013c926be73428f7d03b

  • Size

    97KB

  • Sample

    231219-1nt5qadgf8

  • MD5

    ab9cdcc91e38013c926be73428f7d03b

  • SHA1

    d2e5d604eec7b39aa844930264c13109f425e9f1

  • SHA256

    e19090ef03d3b2617e1409f23fc768d590f31859e53d9f60baa6d9109ecac6b3

  • SHA512

    ac46ae3320074ad34b01ef96787199c9be88bcffc90d9da14dc5104026c2356851a4b6ecde90ae5eea8037a46476862f44ead0c4f0a0c3691c760dcf836d5074

  • SSDEEP

    1536:uZC69+uI2AwnGWPp6WnriJ460TBkfFBNRkb+9VpaPbMMkpSJwT1hFyX:uG2AWGC6aA0TBkNB3S+9VLZSJI1hFC

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/NzAFK8As

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      ab9cdcc91e38013c926be73428f7d03b

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
