General
-
Target
94286e8c12dccb3f8d0392a5de90d342fb11b530a47bd02370988d637b303cc0
-
Size
23KB
-
Sample
240419-slhd5sfe39
-
MD5
e9346d02a6c7b066f16ed2a590ddc270
-
SHA1
6e4f1d2f715a190cadc2115c05a84f7aa15438e5
-
SHA256
94286e8c12dccb3f8d0392a5de90d342fb11b530a47bd02370988d637b303cc0
-
SHA512
bc75f0caf7cc2baf2925a9cc8faefffdd7617ba54c0152c10a72c54083a74eb91c0ee8c7cf4e417ad156dc1d7a4392dc3055cbec7447c9281cc26d6300a2a804
-
SSDEEP
384:4ONKrqJ/EQoh4zcEEfXhMk7bObAuzot/HnBgMtnFuQuQl/0/bDKfjqGpMON7j:j0rtQF4tf+k7bObAuiBgMtFuQ5y/QHMa
Malware Config
Extracted
limerat
-
aes_key
NKHUB
-
antivm
true
-
c2_url
https://pastebin.com/raw/K6zz3eth
-
delay
3
-
download_payload
false
-
install
true
-
install_name
svchost.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\OdlaçddApdad\
-
usb_spread
true
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/K6zz3eth
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
7e599c6aa3e49cbe46990cf8fd8803cb30e2255a2f21d6a1287e7ee4a2ff9fc3.exe
-
Size
28KB
-
MD5
08750b4bbc8a34a3f7e12bb6f9a71444
-
SHA1
400f42a7a1c9d7486ad7d07200a5a2908d71d231
-
SHA256
7e599c6aa3e49cbe46990cf8fd8803cb30e2255a2f21d6a1287e7ee4a2ff9fc3
-
SHA512
81b25e17299f11b8487df0914471f85786d30983f87640eb6b4bbda2a21257a675085c32395694a49d00f8d7d0e01705a06f870c4d7729159fd0d62ed2eac5f0
-
SSDEEP
384:s/rLhJcl6QdgPxVHGhOaZJTGPuFW9vcCZjgD0kau3GXsW7ltIpjIhvGyvN9:s/rLhufgPhaumCvcvDauCWjIhvr
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-