imminent | 993795c9eba84889abefe1e23128f194278c7b2b96a31fe5f0a9746f1f60d651 | Triage

Submit
Reports

Overview

overview

Static

static

5

114473b029...4e.exe

windows7-x64

1

114473b029...4e.exe

windows10-2004-x64

Sharing

General

Target

114473b029c29e92c45e452222ad7b4e
Size

24.3MB
Sample

231230-hfbz3adffm
MD5

114473b029c29e92c45e452222ad7b4e
SHA1

f98eda4b76a0e567b8aae0e867271f301980da55
SHA256

993795c9eba84889abefe1e23128f194278c7b2b96a31fe5f0a9746f1f60d651
SHA512

daefdd82c0f284530e3728b9a13a39bd8df6184c46669bcbd38fcb8dfb49925da2eee5760a4e34ce7b4133a67b1cfd9a0bc9f28cd0c4126870b03560a7854a7c
SSDEEP

393216:d0pgWC+4cw08gMka47tPxDKdUU7K9HuNW7BqTOjDtXLEc3uoTH1:ZXjcCtkJPxkn8uw7Bq8X821

Score

10^/10

imminent limerat njrat evasion persistence rat spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

114473b029c29e92c45e452222ad7b4e.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

114473b029c29e92c45e452222ad7b4e.exe

Resource

win10v2004-20231215-en

imminent limerat njrat evasion persistence rat spyware trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

limerat

Wallets

1JBKLGyE6AnRGvk92A8x3m8qmXfh3fcEty

Attributes

aes_key
nulled
antivm
true
c2_url
https://pastebin.com/raw/cXuQ0V20
delay
3
download_payload
false
install
false
install_name
Winservices.exe
main_folder
AppData
pin_spread
false
sub_folder
\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/cXuQ0V20
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  114473b029c29e92c45e452222ad7b4e
- Size
  
  24.3MB
- MD5
  
  114473b029c29e92c45e452222ad7b4e
- SHA1
  
  f98eda4b76a0e567b8aae0e867271f301980da55
- SHA256
  
  993795c9eba84889abefe1e23128f194278c7b2b96a31fe5f0a9746f1f60d651
- SHA512
  
  daefdd82c0f284530e3728b9a13a39bd8df6184c46669bcbd38fcb8dfb49925da2eee5760a4e34ce7b4133a67b1cfd9a0bc9f28cd0c4126870b03560a7854a7c
- SSDEEP
  
  393216:d0pgWC+4cw08gMka47tPxDKdUU7K9HuNW7BqTOjDtXLEc3uoTH1:ZXjcCtkJPxkn8uw7Bq8X821
Score

10^/10

imminent limerat njrat evasion persistence rat spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

imminentlimeratnjratevasionpersistenceratspywaretrojan

© 2018-2024

Terms | Privacy