limerat | eb2cb43109e3828c2bd8031e2581234c9bb99ac01a4d0e525c15b8ddab4dfc4e | Triage

Submit
Reports

Overview

overview

Static

static

eb2cb43109...4e.exe

windows7-x64

eb2cb43109...4e.exe

windows10-2004-x64

Sharing

General

Target

eb2cb43109e3828c2bd8031e2581234c9bb99ac01a4d0e525c15b8ddab4dfc4e
Size

167KB
Sample

240328-bbndzahh83
MD5

ee398a5a810d55e77da341e985df76ae
SHA1

a36f40113cde26dc67c6ac6dfdff521edaaab141
SHA256

eb2cb43109e3828c2bd8031e2581234c9bb99ac01a4d0e525c15b8ddab4dfc4e
SHA512

0795159c0f27e1c429b38dabff72168c1235b3d6653b028828b9a20e3893a58de7d6fc97dd779c7f92c75105570be9b8bd782de07e550f2f81161a7b8f9dc5bc
SSDEEP

3072:4xw8QEMF1CXiLHr+wIr6Nrjs6vaqTy7DoouTW0Hhr/HQZ:fE21CXiH+w4gzW0dw

Score

10^/10

limerat rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

eb2cb43109e3828c2bd8031e2581234c9bb99ac01a4d0e525c15b8ddab4dfc4e.exe

Resource

win7-20240220-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb2cb43109e3828c2bd8031e2581234c9bb99ac01a4d0e525c15b8ddab4dfc4e.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/wMuPHieh
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  eb2cb43109e3828c2bd8031e2581234c9bb99ac01a4d0e525c15b8ddab4dfc4e
- Size
  
  167KB
- MD5
  
  ee398a5a810d55e77da341e985df76ae
- SHA1
  
  a36f40113cde26dc67c6ac6dfdff521edaaab141
- SHA256
  
  eb2cb43109e3828c2bd8031e2581234c9bb99ac01a4d0e525c15b8ddab4dfc4e
- SHA512
  
  0795159c0f27e1c429b38dabff72168c1235b3d6653b028828b9a20e3893a58de7d6fc97dd779c7f92c75105570be9b8bd782de07e550f2f81161a7b8f9dc5bc
- SSDEEP
  
  3072:4xw8QEMF1CXiLHr+wIr6Nrjs6vaqTy7DoouTW0Hhr/HQZ:fE21CXiH+w4gzW0dw
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Detects executables packed with unregistered version of .NET Reactor
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy