limerat | 44f8f0b67907cb91d414a1c0cb33e74e42d201e05869129a9d1d4039dbfb0fe2 | Triage

Submit
Reports

Overview

overview

Static

static

5

44f8f0b679...e2.exe

windows7-x64

44f8f0b679...e2.exe

windows10-2004-x64

Sharing

General

Target

44f8f0b67907cb91d414a1c0cb33e74e42d201e05869129a9d1d4039dbfb0fe2.exe
Size

910KB
Sample

240323-cnllkseh2v
MD5

2c2a5ffd16b2c07a378245bc4903aaa8
SHA1

bdf1a94e0e7acd7c5d7f61e56b88c2e16bafe71f
SHA256

44f8f0b67907cb91d414a1c0cb33e74e42d201e05869129a9d1d4039dbfb0fe2
SHA512

7f597122462f38f61f2246d16e0c68d2f00c2b610c3393401d2badbf5958f91dea118c23eee39ab08e37069c72bf4ac360c8696eff7b862f3ac2229cb84537ab
SSDEEP

24576:fAHnh+eWsN3skA4RV1Hom2KXMmHaoeyFxl5:Ch+ZkldoPK8Yao3

Score

10^/10

limerat rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

44f8f0b67907cb91d414a1c0cb33e74e42d201e05869129a9d1d4039dbfb0fe2.exe

Resource

win7-20240221-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

44f8f0b67907cb91d414a1c0cb33e74e42d201e05869129a9d1d4039dbfb0fe2.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

limerat

Wallets

1B5aLZh6psoQttLGn9tpbdibiWqzyh4Jfv

Attributes

aes_key
NYANCAT
antivm
false
c2_url
https://pastebin.com/raw/LJe9sUk5
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/LJe9sUk5
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  44f8f0b67907cb91d414a1c0cb33e74e42d201e05869129a9d1d4039dbfb0fe2.exe
- Size
  
  910KB
- MD5
  
  2c2a5ffd16b2c07a378245bc4903aaa8
- SHA1
  
  bdf1a94e0e7acd7c5d7f61e56b88c2e16bafe71f
- SHA256
  
  44f8f0b67907cb91d414a1c0cb33e74e42d201e05869129a9d1d4039dbfb0fe2
- SHA512
  
  7f597122462f38f61f2246d16e0c68d2f00c2b610c3393401d2badbf5958f91dea118c23eee39ab08e37069c72bf4ac360c8696eff7b862f3ac2229cb84537ab
- SSDEEP
  
  24576:fAHnh+eWsN3skA4RV1Hom2KXMmHaoeyFxl5:Ch+ZkldoPK8Yao3
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy