General
-
Target
63df89be98d9252ff824bbefb02ec36a_JaffaCakes118
-
Size
64KB
-
Sample
240401-bt6chahf9w
-
MD5
63df89be98d9252ff824bbefb02ec36a
-
SHA1
50ded468c9a9408fd4103ce44a5ce37fa22ef1ff
-
SHA256
bc85a3b0adcb02cf50469381af6d0ba9ece084774a905e001aa93b2052857fcb
-
SHA512
a3aa27c310530139597e93623bc4c1d908664452a9676ea2f2211691169287a1e12953d471e5f34297b1b7ca8c0bb127c75b7ff14c9324b598dba493f9bf679a
-
SSDEEP
1536:xtFFQ7Rw9l1hnyI9St5v57J2HCMxGGA1FVr9jV9CqE:xtDERanMvFAHHhAFfDy
Malware Config
Extracted
limerat
-
aes_key
dame
-
antivm
false
-
c2_url
https://pastebin.com/raw/dPL0gsvg
-
delay
3
-
download_payload
false
-
install
true
-
install_name
israel.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/dPL0gsvg
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
63df89be98d9252ff824bbefb02ec36a_JaffaCakes118
-
Size
64KB
-
MD5
63df89be98d9252ff824bbefb02ec36a
-
SHA1
50ded468c9a9408fd4103ce44a5ce37fa22ef1ff
-
SHA256
bc85a3b0adcb02cf50469381af6d0ba9ece084774a905e001aa93b2052857fcb
-
SHA512
a3aa27c310530139597e93623bc4c1d908664452a9676ea2f2211691169287a1e12953d471e5f34297b1b7ca8c0bb127c75b7ff14c9324b598dba493f9bf679a
-
SSDEEP
1536:xtFFQ7Rw9l1hnyI9St5v57J2HCMxGGA1FVr9jV9CqE:xtDERanMvFAHHhAFfDy
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-