limerat | 383787a138376db04c915111b0fba259f7a71051295fcd6f9d8edbe2ee2a22a6 | Triage

Sharing

General

Target

a1c628d5359d578c23674584dd8ed4fd
Size

62KB
Sample

231219-z4sq6agdd5
MD5

a1c628d5359d578c23674584dd8ed4fd
SHA1

ec7256f6c763f31c48172a0f8c46dcbc1db6c646
SHA256

383787a138376db04c915111b0fba259f7a71051295fcd6f9d8edbe2ee2a22a6
SHA512

3204c18da46bde218d76eee8d8fd83430a464026b16727352912630601521a15d3c8ec1a1f80dbb2bd15de5d83e83c8fa377ff97842b610abf4077579ae82068
SSDEEP

1536:HTnmm9cZwg8H6D1LCLCDIgOifIN6pJ2ee0vvoFRavTuxdZ6Yi:HrmmhH6D1LZGB4pApjarux/6Yi

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
dame
antivm
false
c2_url
https://pastebin.com/raw/dPL0gsvg
delay
3
download_payload
false
install
true
install_name
israel.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/dPL0gsvg
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  a1c628d5359d578c23674584dd8ed4fd
- Size
  
  62KB
- MD5
  
  a1c628d5359d578c23674584dd8ed4fd
- SHA1
  
  ec7256f6c763f31c48172a0f8c46dcbc1db6c646
- SHA256
  
  383787a138376db04c915111b0fba259f7a71051295fcd6f9d8edbe2ee2a22a6
- SHA512
  
  3204c18da46bde218d76eee8d8fd83430a464026b16727352912630601521a15d3c8ec1a1f80dbb2bd15de5d83e83c8fa377ff97842b610abf4077579ae82068
- SSDEEP
  
  1536:HTnmm9cZwg8H6D1LCLCDIgOifIN6pJ2ee0vvoFRavTuxdZ6Yi:HrmmhH6D1LZGB4pApjarux/6Yi
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2