limerat | 1a2c7a6bc707d4ea875f2add729144758f568fbb38d885e1d56f30838ebe1707 | Triage

Sharing

General

Target

849a5dd4221f907aa7fbdf6a9beade20_JaffaCakes118
Size

140KB
Sample

240402-fw7qkaaa55
MD5

849a5dd4221f907aa7fbdf6a9beade20
SHA1

c311517fba68acd4f129b755e81c13064d1d5ae0
SHA256

1a2c7a6bc707d4ea875f2add729144758f568fbb38d885e1d56f30838ebe1707
SHA512

be2735799d63ab5d231318c13a6c89719badb6f5072bc0a5c03a3868d36c5d503f6c321154cab65d4b8fab1cf15d7c1dcc053fc2139d57921c9ac73e9aa221d7
SSDEEP

3072:FaRBXzPA9xTgPqKktyZcoiW5AgvFvmt/dvIB9n96f:orXzoxTgCZtyZiW5Ax5dv2a

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/v9J7B6vz
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  849a5dd4221f907aa7fbdf6a9beade20_JaffaCakes118
- Size
  
  140KB
- MD5
  
  849a5dd4221f907aa7fbdf6a9beade20
- SHA1
  
  c311517fba68acd4f129b755e81c13064d1d5ae0
- SHA256
  
  1a2c7a6bc707d4ea875f2add729144758f568fbb38d885e1d56f30838ebe1707
- SHA512
  
  be2735799d63ab5d231318c13a6c89719badb6f5072bc0a5c03a3868d36c5d503f6c321154cab65d4b8fab1cf15d7c1dcc053fc2139d57921c9ac73e9aa221d7
- SSDEEP
  
  3072:FaRBXzPA9xTgPqKktyZcoiW5AgvFvmt/dvIB9n96f:orXzoxTgCZtyZiW5Ax5dv2a
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2