limerat | fbf0388628cb2dfc1457adee1af6c5ca5ba58338f9e80b5fc496a5ead2e8c8ea | Triage

Sharing

General

Target

12cb486e08aceea42a1d3a2ce7eaea69
Size

888KB
Sample

231230-jtrs4sfaal
MD5

12cb486e08aceea42a1d3a2ce7eaea69
SHA1

00dddccfb0d47c296db963ae91cd9530dde9e61c
SHA256

fbf0388628cb2dfc1457adee1af6c5ca5ba58338f9e80b5fc496a5ead2e8c8ea
SHA512

d4577f9189388e0d74217120ef65233ceeba8b9b71c38f6b1346f2faec8d1df18a47d96f94f9e3eedfb7dbe245b63f0e121dd2ad83aaa03f3fb9982edad193c4
SSDEEP

12288:vRu10z5N3Sy5/dehF8ACG0EJKjS+UPweBMW+FEyXeiksBEc:vQSNiy5/dGoRtjSFPw7JFVS/

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Wallets

bc1qqzgu92ktr9qnz4z8uwxkkndtapv76wn3hxt9j4

Attributes

aes_key
limerat
antivm
false
c2_url
https://pastebin.com/raw/2JryzqpH
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/2JryzqpH
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  12cb486e08aceea42a1d3a2ce7eaea69
- Size
  
  888KB
- MD5
  
  12cb486e08aceea42a1d3a2ce7eaea69
- SHA1
  
  00dddccfb0d47c296db963ae91cd9530dde9e61c
- SHA256
  
  fbf0388628cb2dfc1457adee1af6c5ca5ba58338f9e80b5fc496a5ead2e8c8ea
- SHA512
  
  d4577f9189388e0d74217120ef65233ceeba8b9b71c38f6b1346f2faec8d1df18a47d96f94f9e3eedfb7dbe245b63f0e121dd2ad83aaa03f3fb9982edad193c4
- SSDEEP
  
  12288:vRu10z5N3Sy5/dehF8ACG0EJKjS+UPweBMW+FEyXeiksBEc:vQSNiy5/dGoRtjSFPw7JFVS/
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2