General
-
Target
9bb1da8969140aa7051ddda703293192
-
Size
497KB
-
Sample
240214-pvwfksbf54
-
MD5
9bb1da8969140aa7051ddda703293192
-
SHA1
05e55309ff756dcfc7bd67fedaf96c6a82ead5a0
-
SHA256
34c61248dd915a7a98ecbd9c2768f924560a22187ef8967c028d6497466b86a4
-
SHA512
62ca279b4442959894075d68b75e8825238399603b3cb180aae2c5734837c6568a09e89f4a810b9c2c68db93c6cd610820cb58efa759b54ef715f569da5731c2
-
SSDEEP
6144:deNgRqCji5ZOLrw67cdNaVzkFXKaKc5+LGWXKfF6z/d9F48W46Nh9hx1A8RskdUO:dHqCm87iS/d348khf9uuoFi9QcA
Malware Config
Extracted
limerat
bc1q5746qkzdr628cmq4swa02lpu2mk69t0pdxdgzs
-
aes_key
Wealth1000$
-
antivm
false
-
c2_url
https://pastebin.com/raw/LF04hVta
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
true
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/LF04hVta
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
9bb1da8969140aa7051ddda703293192
-
Size
497KB
-
MD5
9bb1da8969140aa7051ddda703293192
-
SHA1
05e55309ff756dcfc7bd67fedaf96c6a82ead5a0
-
SHA256
34c61248dd915a7a98ecbd9c2768f924560a22187ef8967c028d6497466b86a4
-
SHA512
62ca279b4442959894075d68b75e8825238399603b3cb180aae2c5734837c6568a09e89f4a810b9c2c68db93c6cd610820cb58efa759b54ef715f569da5731c2
-
SSDEEP
6144:deNgRqCji5ZOLrw67cdNaVzkFXKaKc5+LGWXKfF6z/d9F48W46Nh9hx1A8RskdUO:dHqCm87iS/d348khf9uuoFi9QcA
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-