limerat | a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166 | Triage

Submit
Reports

Overview

overview

Static

static

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166
Size

314KB
Sample

240401-h36g7agc7z
MD5

ad997dc4ee32ab469e45009f218175d0
SHA1

17ef145486c494ea9c727972c501471e720887f0
SHA256

a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166
SHA512

727aceb3edd5dfbbbad84e1aef4beb3773313378bd4fa6cd77800d6cf578ba740a5ebc1f3740593071a26daa2cf91e49243fa4ba043d934c8bd936a1526c18d0
SSDEEP

3072:oiPK9mkbyBaKJyPATmiyAnY5o9BrFV0bIBVvBCj4EKK4h75AQ5ii:oCj2yBOiW5o972jEh75F5ii

Score

10^/10

limerat zgrat rat

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166.exe

Resource

win10v2004-20240226-en

limerat zgrat rat

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166.exe

Resource

win11-20240221-en

limerat zgrat rat

windows11-21h2-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166
- Size
  
  314KB
- MD5
  
  ad997dc4ee32ab469e45009f218175d0
- SHA1
  
  17ef145486c494ea9c727972c501471e720887f0
- SHA256
  
  a1f8bb5990775f277540eb4c7579695477445afd90262cb819567cc9b3042166
- SHA512
  
  727aceb3edd5dfbbbad84e1aef4beb3773313378bd4fa6cd77800d6cf578ba740a5ebc1f3740593071a26daa2cf91e49243fa4ba043d934c8bd936a1526c18d0
- SSDEEP
  
  3072:oiPK9mkbyBaKJyPATmiyAnY5o9BrFV0bIBVvBCj4EKK4h75AQ5ii:oCj2yBOiW5o972jEh75F5ii
Score

10^/10

limerat zgrat rat
- Detect ZGRat V1
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

limeratzgratrat

behavioral2

limeratzgratrat

© 2018-2024

Terms | Privacy