General
-
Target
de02ba99f65d07c4973b33fec5aefdac
-
Size
1.6MB
-
Sample
240325-pmv5vafd53
-
MD5
de02ba99f65d07c4973b33fec5aefdac
-
SHA1
54419bd1e07a8e3ab393c55cf55570bc3fe2b526
-
SHA256
05f0ad4df75e687b4a188f34e31a60afb0a772d32e51f6e77f62ec484e7cf35e
-
SHA512
c38740af611109ebae7552045e4b1d88909840d54c91ad585adba52b2d36be806fde3f84c1cd18c086debe995ef5475faf9b53614ebe83fe56825c97a877d6d8
-
SSDEEP
49152:ReKvWKlH8SM3ShGiSTZdXTZdHXTZdXTZ:
Malware Config
Extracted
limerat
3Qus18px7doBsKbzeHGBmnanWuPS4S3tAn
-
aes_key
7aXx4CiaQxg8Py3gI
-
antivm
true
-
c2_url
https://pastebin.com/raw/ZJvAZBza
-
delay
60
-
download_payload
false
-
install
true
-
install_name
csrss.exe
-
main_folder
Temp
-
pin_spread
true
-
sub_folder
\
-
usb_spread
true
Targets
-
-
Target
de02ba99f65d07c4973b33fec5aefdac
-
Size
1.6MB
-
MD5
de02ba99f65d07c4973b33fec5aefdac
-
SHA1
54419bd1e07a8e3ab393c55cf55570bc3fe2b526
-
SHA256
05f0ad4df75e687b4a188f34e31a60afb0a772d32e51f6e77f62ec484e7cf35e
-
SHA512
c38740af611109ebae7552045e4b1d88909840d54c91ad585adba52b2d36be806fde3f84c1cd18c086debe995ef5475faf9b53614ebe83fe56825c97a877d6d8
-
SSDEEP
49152:ReKvWKlH8SM3ShGiSTZdXTZdHXTZdXTZ:
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-