General
Target: c23d849b84bb757dc19ccd19a7c7c6c1
Size: 64KB
Sample: 231220-rgjkzafdhp
MD5: c23d849b84bb757dc19ccd19a7c7c6c1
SHA1: 6f0eaa46dbfe8a7ff5596414118c0ba52a64b16d
SHA256: 8b81b385a2646033343216dcdfd40463b127f36a0708dfcdc189e571d2add35f
SHA512: a16195078aad21dc47fe48ed514612dcc6af4e39fc2680d7095b2105a3fb9856e0022ab448a0a150b80167204d58f7d74c29793e9de1f31ef23f742650ce28c8
SSDEEP: 768:cWvDGHFPHc5b3U+KOT/NO1lgA9SkuTdIbf+iK6shRoJv0wtVbG+HdyJW5wmy3OOP:cZlPg3U+jT+KGq6shR8vHD5wi4OOP
Static task: static1
Behavioral task: behavioral1
Sample: c23d849b84bb757dc19ccd19a7c7c6c1.exe
Resource: win7-20231215-en
Malware Config
Extracted
limerat
antivm: false
c2_url: https://pastebin.com/raw/NzAFK8As
download_payload: false
install: false
pin_spread: false
usb_spread: false
Targets
Target: c23d849b84bb757dc19ccd19a7c7c6c1
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2