General
Target: 678a836b41b132da287f0da90e822480
Size: 166KB
Sample: 240119-nwyrnadbfn
MD5: 678a836b41b132da287f0da90e822480
SHA1: d4eec0106a8fffcb9c850ba515b18a84c42f7973
SHA256: 73536c89f6d0063c32c17294ae8aedd69b75fc9b5adb6848749a0b811241ea8e
SHA512: 221a6dbf894d8b58f1a4357df8e774b13783ad08d805b48df0ce57dbd9579118f49fe1248ea023711d2684a650d02a4789f50d6ca6986e71fd7857fed0f3aec4
SSDEEP: 3072:O2OP/lXyajtcnHLEt+UUN3VEggvwMoGc6OFULv3rFLZmVjDBEDmhIJLPcaZMXpFd:ny/liajqnHLEt+lVEg25o16OCLRl2DqC
Static task: static1
Behavioral task: behavioral1
Sample: 678a836b41b132da287f0da90e822480.jar
Resource: win7-20231215-en
Malware Config
Extracted: limerat
1Cs8MjxkXtYwkDKypg8i1Vj5nzhANpgC6y
aes_key: 2249
antivm: false
c2_url: https://pastebin.com/raw/G9wX4J5m
delay: 8
download_payload: false
install: true
install_name: player.exe
main_folder: AppData
pin_spread: false
sub_folder: \
usb_spread: false
Extracted: limerat
antivm: false
c2_url: https://pastebin.com/raw/G9wX4J5m
download_payload: false
install: false
pin_spread: false
usb_spread: false
Targets
Target: 678a836b41b132da287f0da90e822480
Size: 166KB
MD5: 678a836b41b132da287f0da90e822480
SHA1: d4eec0106a8fffcb9c850ba515b18a84c42f7973
SHA256: 73536c89f6d0063c32c17294ae8aedd69b75fc9b5adb6848749a0b811241ea8e
SHA512: 221a6dbf894d8b58f1a4357df8e774b13783ad08d805b48df0ce57dbd9579118f49fe1248ea023711d2684a650d02a4789f50d6ca6986e71fd7857fed0f3aec4
SSDEEP: 3072:O2OP/lXyajtcnHLEt+UUN3VEggvwMoGc6OFULv3rFLZmVjDBEDmhIJLPcaZMXpFd:ny/liajqnHLEt+lVEg25o16OCLRl2DqC
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2