limerat | 72b8deec4c725fa64676fc74a84ad2426ddee89a3b3c8bb00073ef10514ddb9f | Triage

Sharing

General

Target

2b9c865fd057f370f77e5f2e96922088
Size

717KB
Sample

231231-g5wkbseddp
MD5

2b9c865fd057f370f77e5f2e96922088
SHA1

3dc962377b0937fec1f10f6ac585e75e6bab92e0
SHA256

72b8deec4c725fa64676fc74a84ad2426ddee89a3b3c8bb00073ef10514ddb9f
SHA512

e5e4e5aaec72c76926ca1c27856af07131b7d6c348c99481b8f2e1cf9960ed5a4826dffa2394cdbeec91cd8a7dd9a1eebf55c09871180d0e6564c764c1a0e351
SSDEEP

12288:25WafCzLOmE6+/QkvRklicBbRVjoq8OUXD7Wp/qwYnwnTRVY8I4J2pbFpe+FHAqg:CzfCHzD+/BRkUzEvp/N

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Wallets

bc1qdajqyl8uarnz63e2we9xchx3zqcd5xcyfshfyk

Attributes

aes_key
lime
antivm
true
c2_url
https://pastebin.com/raw/4Xj3extx
delay
3
download_payload
false
install
true
install_name
Wservices.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
true

Targets

- Target
  
  2b9c865fd057f370f77e5f2e96922088
- Size
  
  717KB
- MD5
  
  2b9c865fd057f370f77e5f2e96922088
- SHA1
  
  3dc962377b0937fec1f10f6ac585e75e6bab92e0
- SHA256
  
  72b8deec4c725fa64676fc74a84ad2426ddee89a3b3c8bb00073ef10514ddb9f
- SHA512
  
  e5e4e5aaec72c76926ca1c27856af07131b7d6c348c99481b8f2e1cf9960ed5a4826dffa2394cdbeec91cd8a7dd9a1eebf55c09871180d0e6564c764c1a0e351
- SSDEEP
  
  12288:25WafCzLOmE6+/QkvRklicBbRVjoq8OUXD7Wp/qwYnwnTRVY8I4J2pbFpe+FHAqg:CzfCHzD+/BRkUzEvp/N
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2