limerat | c1bfda3a4ac6fd27e2947c4ad863ba554cb25dff909fe26ce739a50c2752a0a3 | Triage

Sharing

General

Target

e093e99088a1e13e12e64150778ce72c
Size

28KB
Sample

231220-tfl1tagfc6
MD5

e093e99088a1e13e12e64150778ce72c
SHA1

bd109b4eea2b8804cfc7b1351ad79a6d1f044dd9
SHA256

c1bfda3a4ac6fd27e2947c4ad863ba554cb25dff909fe26ce739a50c2752a0a3
SHA512

16a5f5dfaad54883aad6e128650afbac47e58e55de6a0627c456c00b648db16fc9e2e8bfb525c81e7e5ac0c737e3df2fba5ea174ecb433b3bd2c24cb969fd8bb
SSDEEP

384:jECWna6X7ehaDgcmfKHDMzCJojHYvnjvD6Nr/uJEnjJUDxrlr3ZLPikbMgntPTr3:ueEcWHDmMlDQNdUdB3zbVt8Jijykb

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Wallets

1KR7iRAoTeUdZ4KiiASRcdcbpMv2yi5wJ7

Attributes

aes_key
janonn
antivm
false
c2_url
https://pastebin.com/raw/2hFCdHWq
delay
3
download_payload
false
install
true
install_name
WindowsUpdate.exe
main_folder
UserProfile
pin_spread
false
sub_folder
\WindowsUpdate\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/2hFCdHWq
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  e093e99088a1e13e12e64150778ce72c
- Size
  
  28KB
- MD5
  
  e093e99088a1e13e12e64150778ce72c
- SHA1
  
  bd109b4eea2b8804cfc7b1351ad79a6d1f044dd9
- SHA256
  
  c1bfda3a4ac6fd27e2947c4ad863ba554cb25dff909fe26ce739a50c2752a0a3
- SHA512
  
  16a5f5dfaad54883aad6e128650afbac47e58e55de6a0627c456c00b648db16fc9e2e8bfb525c81e7e5ac0c737e3df2fba5ea174ecb433b3bd2c24cb969fd8bb
- SSDEEP
  
  384:jECWna6X7ehaDgcmfKHDMzCJojHYvnjvD6Nr/uJEnjJUDxrlr3ZLPikbMgntPTr3:ueEcWHDmMlDQNdUdB3zbVt8Jijykb
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2