General
-
Target
34257f43cd09bb9f9aa171b8d5d40d15
-
Size
53KB
-
Sample
231231-ngzqeafea8
-
MD5
34257f43cd09bb9f9aa171b8d5d40d15
-
SHA1
2205fc3296c2fa97706700c4e6d6f7ef1f185892
-
SHA256
8b2a8b2e8d7b89e72c2fbdbb79596f9d4dcc0a4304c566ee26bd5b966a099568
-
SHA512
b16feb70bddc57e556be7db50242a50a600e4775d6a64af64be2d25c055e2e7d0bf292b9c318ff1ddfd9d994995b2f27e47e22b216e864e39d579560ba8c9b08
-
SSDEEP
768:H7XWEtO8a1ZLbWVfgiZb1pW0GpswDx79qs8dfcdaXKzC5Oo+eVO5p+JD1z:LW9v1lWdjQDx79qtdco+eVOnu
Malware Config
Extracted
limerat
1Cs8MjxkXtYwkDKypg8i1Vj5nzhANpgC6y
-
aes_key
2249
-
antivm
false
-
c2_url
https://pastebin.com/raw/G9wX4J5m
-
delay
8
-
download_payload
false
-
install
true
-
install_name
player.exe
-
main_folder
AppData
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/G9wX4J5m
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
34257f43cd09bb9f9aa171b8d5d40d15
-
Size
53KB
-
MD5
34257f43cd09bb9f9aa171b8d5d40d15
-
SHA1
2205fc3296c2fa97706700c4e6d6f7ef1f185892
-
SHA256
8b2a8b2e8d7b89e72c2fbdbb79596f9d4dcc0a4304c566ee26bd5b966a099568
-
SHA512
b16feb70bddc57e556be7db50242a50a600e4775d6a64af64be2d25c055e2e7d0bf292b9c318ff1ddfd9d994995b2f27e47e22b216e864e39d579560ba8c9b08
-
SSDEEP
768:H7XWEtO8a1ZLbWVfgiZb1pW0GpswDx79qs8dfcdaXKzC5Oo+eVO5p+JD1z:LW9v1lWdjQDx79qtdco+eVOnu
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-