limerat | 014526d65a3edda386a301dadd624f575c4895f2666d843fd2a5d1cb2be18d4b | Triage

Submit
Reports

Overview

overview

Static

static

ca0aa2179c...b9.exe

windows7-x64

ca0aa2179c...b9.exe

windows10-2004-x64

Sharing

General

Target

ca0aa2179c974faa17ac77d52610e6b9
Size

862KB
Sample

240315-aysfrsca5t
MD5

ca0aa2179c974faa17ac77d52610e6b9
SHA1

eaa0b8b57420f282695da3114bd8a956b5494d8f
SHA256

014526d65a3edda386a301dadd624f575c4895f2666d843fd2a5d1cb2be18d4b
SHA512

17d330adacac922b3110f561c56190a21ccb551ef02eb553aa00ff9c46395c01dfd134aee03670d1be8088652b385cc1111722bddb78de4692bd418973feee45
SSDEEP

12288:MB2EKwuo3ERIzwRe6axp0fmaxcsaauf854:MB2EFwne1saLf8K

Score

10^/10

limerat neshta persistence rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ca0aa2179c974faa17ac77d52610e6b9.exe

Resource

win7-20240221-en

limerat neshta persistence rat spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

ca0aa2179c974faa17ac77d52610e6b9.exe

Resource

win10v2004-20240226-en

neshta persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

limerat

Wallets

1LLUV51XQKqq94X965Cc6uGPXeZEGSqCdV

Attributes

aes_key
NYANCAT
antivm
false
c2_url
https://pastebin.com/raw/4pByu6u5
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
AppData
pin_spread
false
sub_folder
\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/4pByu6u5
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  ca0aa2179c974faa17ac77d52610e6b9
- Size
  
  862KB
- MD5
  
  ca0aa2179c974faa17ac77d52610e6b9
- SHA1
  
  eaa0b8b57420f282695da3114bd8a956b5494d8f
- SHA256
  
  014526d65a3edda386a301dadd624f575c4895f2666d843fd2a5d1cb2be18d4b
- SHA512
  
  17d330adacac922b3110f561c56190a21ccb551ef02eb553aa00ff9c46395c01dfd134aee03670d1be8088652b385cc1111722bddb78de4692bd418973feee45
- SSDEEP
  
  12288:MB2EKwuo3ERIzwRe6axp0fmaxcsaauf854:MB2EFwne1saLf8K
Score

10^/10

limerat neshta persistence rat spyware stealer
- Detect Neshta payload
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Change Default File Association

Scheduled Task/Job

Privilege Escalation

Event Triggered Execution

Change Default File Association

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratneshtapersistenceratspywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2025

Terms | Privacy