General

  • Target

    de02ba99f65d07c4973b33fec5aefdac

  • Size

    1.6MB

  • Sample

    240325-pmv5vafd53

  • MD5

    de02ba99f65d07c4973b33fec5aefdac

  • SHA1

    54419bd1e07a8e3ab393c55cf55570bc3fe2b526

  • SHA256

    05f0ad4df75e687b4a188f34e31a60afb0a772d32e51f6e77f62ec484e7cf35e

  • SHA512

    c38740af611109ebae7552045e4b1d88909840d54c91ad585adba52b2d36be806fde3f84c1cd18c086debe995ef5475faf9b53614ebe83fe56825c97a877d6d8

  • SSDEEP

    49152:ReKvWKlH8SM3ShGiSTZdXTZdHXTZdXTZ:

Score
10/10

Malware Config

Extracted

Family

limerat

Wallets

3Qus18px7doBsKbzeHGBmnanWuPS4S3tAn

Attributes
  • aes_key

    7aXx4CiaQxg8Py3gI

  • antivm

    true

  • c2_url

    https://pastebin.com/raw/ZJvAZBza

  • delay

    60

  • download_payload

    false

  • install

    true

  • install_name

    csrss.exe

  • main_folder

    Temp

  • pin_spread

    true

  • sub_folder

    \

  • usb_spread

    true

Targets

    • Target

      de02ba99f65d07c4973b33fec5aefdac

    • Size

      1.6MB

    • MD5

      de02ba99f65d07c4973b33fec5aefdac

    • SHA1

      54419bd1e07a8e3ab393c55cf55570bc3fe2b526

    • SHA256

      05f0ad4df75e687b4a188f34e31a60afb0a772d32e51f6e77f62ec484e7cf35e

    • SHA512

      c38740af611109ebae7552045e4b1d88909840d54c91ad585adba52b2d36be806fde3f84c1cd18c086debe995ef5475faf9b53614ebe83fe56825c97a877d6d8

    • SSDEEP

      49152:ReKvWKlH8SM3ShGiSTZdXTZdHXTZdXTZ:

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks