limerat | ad59f7a299e7839f81f04f037be2234da036c58b2f6ed2a9c9cb109f3d18705b | Triage

Sharing

General

Target

5e150a45eeb9215dee33da8f9e6c6ae9
Size

1.1MB
Sample

231222-ec5w7abffk
MD5

5e150a45eeb9215dee33da8f9e6c6ae9
SHA1

d05a8c383051ffacb104856b58eeda123bb70695
SHA256

ad59f7a299e7839f81f04f037be2234da036c58b2f6ed2a9c9cb109f3d18705b
SHA512

78cd3ac83eadb0431399f4fd0a8e68e2b7af1747323281d04b6c0dfa0bf6eb318df977ff75c1514de1c623fa43d67fffa9981f4c581533d6cb8aa75afd4e9906
SSDEEP

24576:JQfzEWuougTY5sC1Mp7vHyecNLWlGNxTRQY:qzTuuYp1G/yecNLWIxTR

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Wallets

1LLUV51XQKqq94X965Cc6uGPXeZEGSqCdV

Attributes

aes_key
NYANCAT
antivm
false
c2_url
https://pastebin.com/raw/4pByu6u5
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
AppData
pin_spread
false
sub_folder
\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/4pByu6u5
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  5e150a45eeb9215dee33da8f9e6c6ae9
- Size
  
  1.1MB
- MD5
  
  5e150a45eeb9215dee33da8f9e6c6ae9
- SHA1
  
  d05a8c383051ffacb104856b58eeda123bb70695
- SHA256
  
  ad59f7a299e7839f81f04f037be2234da036c58b2f6ed2a9c9cb109f3d18705b
- SHA512
  
  78cd3ac83eadb0431399f4fd0a8e68e2b7af1747323281d04b6c0dfa0bf6eb318df977ff75c1514de1c623fa43d67fffa9981f4c581533d6cb8aa75afd4e9906
- SSDEEP
  
  24576:JQfzEWuougTY5sC1Mp7vHyecNLWlGNxTRQY:qzTuuYp1G/yecNLWIxTR
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2