limerat | ec781a714d6bc6fac48d59890d9ae594ffd4dbc95710f2da1f1aa3d5b87b9e01 | Triage

Sharing

General

Target

a039c46553a47916ff3376b88dde0a81
Size

694KB
Sample

240216-m88a7ahd8v
MD5

a039c46553a47916ff3376b88dde0a81
SHA1

84e9846e8895c79a3a65cf3e54aa7a52dacf995a
SHA256

ec781a714d6bc6fac48d59890d9ae594ffd4dbc95710f2da1f1aa3d5b87b9e01
SHA512

d342258b1f57ed230eb1e3542eebb493edbbf82aa1d62d1d9b3dcc301e6700e69a3feaf99e29544c68b9c6092a70a3a98b872da1485e78e5891f1a2fa8a22c2a
SSDEEP

12288:KthfCHBrr9/uuQl7nNPV7mtU1EwiTsej472iNSzAaP:LsxV7my1cFjM1IzAg

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Wallets

bc1qdajqyl8uarnz63e2we9xchx3zqcd5xcyfshfyk

Attributes

aes_key
lime
antivm
true
c2_url
https://pastebin.com/raw/4Xj3extx
delay
3
download_payload
false
install
true
install_name
Wservices.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/4Xj3extx
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  a039c46553a47916ff3376b88dde0a81
- Size
  
  694KB
- MD5
  
  a039c46553a47916ff3376b88dde0a81
- SHA1
  
  84e9846e8895c79a3a65cf3e54aa7a52dacf995a
- SHA256
  
  ec781a714d6bc6fac48d59890d9ae594ffd4dbc95710f2da1f1aa3d5b87b9e01
- SHA512
  
  d342258b1f57ed230eb1e3542eebb493edbbf82aa1d62d1d9b3dcc301e6700e69a3feaf99e29544c68b9c6092a70a3a98b872da1485e78e5891f1a2fa8a22c2a
- SSDEEP
  
  12288:KthfCHBrr9/uuQl7nNPV7mtU1EwiTsej472iNSzAaP:LsxV7my1cFjM1IzAg
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2