General
Target: 83e3af085f7c7d7432d4affbadc75982
Size: 787KB
Sample: 240131-jzl5tahegl
MD5: 83e3af085f7c7d7432d4affbadc75982
SHA1: 3e0565a829e1b511937ee7763f9f6f96e87cbcf8
SHA256: a47e2fbaf6db3a9a1a410813ec99c958d84edd389437caadbadfb6debc25d758
SHA512: a25bcd0c1f50c2bf3b287299ae150ad972af5db5beeb3322d2b9f50bc88c340c7ee97298d12963cccce5c7c1963ee76720954e5f92c25002f586a6b8301daed3
SSDEEP: 24576:SeC88ES/d3YK64JEWmSC3SU9IwT4zgr1:uuK64JrzC3SU9Is4g1
Static task: static1
Behavioral task: behavioral1
Sample: 83e3af085f7c7d7432d4affbadc75982.exe
Resource: win7-20231215-en
Malware Config
Extracted
limerat
bc1q5746qkzdr628cmq4swa02lpu2mk69t0pdxdgzs
aes_key: Wealth1000$
antivm: false
c2_url: https://pastebin.com/raw/LF04hVta
delay: 3
download_payload: false
install: false
install_name: Wservices.exe
main_folder: Temp
pin_spread: false
sub_folder: \
usb_spread: true
Extracted
limerat
antivm: false
c2_url: https://pastebin.com/raw/LF04hVta
download_payload: false
install: false
pin_spread: false
usb_spread: false
Targets
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext