limerat | 508444b238e049dbee51d502ef53a26cbd4fc0ae2141c2a56650fdc1dc6b4d84 | Triage

Sharing

General

Target

7a07ef5fa44279ff06131f0f06312e67_JaffaCakes118
Size

477KB
Sample

240527-wp64fscf2s
MD5

7a07ef5fa44279ff06131f0f06312e67
SHA1

b5bca88bb56c4ce144da98cefc7b43a1b8490192
SHA256

508444b238e049dbee51d502ef53a26cbd4fc0ae2141c2a56650fdc1dc6b4d84
SHA512

324f808d19e5e4b66894f6e7d87b8e7633f6ac98e17e8d6c30bda48f6a3416e2e39ba0806b0c1df5ad4cf93a4966eeb11bc378e0caebccf670feec4187301ee0
SSDEEP

12288:zYeE0VRXwQWJ21+YCveW5M+N09dHRJyHF4gBM0:zCZ

Score

10^/10

limerat persistence rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
ACE
antivm
false
c2_url
https://pastebin.com/raw/xZjNDHCs
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
AppData
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/xZjNDHCs
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  7a07ef5fa44279ff06131f0f06312e67_JaffaCakes118
- Size
  
  477KB
- MD5
  
  7a07ef5fa44279ff06131f0f06312e67
- SHA1
  
  b5bca88bb56c4ce144da98cefc7b43a1b8490192
- SHA256
  
  508444b238e049dbee51d502ef53a26cbd4fc0ae2141c2a56650fdc1dc6b4d84
- SHA512
  
  324f808d19e5e4b66894f6e7d87b8e7633f6ac98e17e8d6c30bda48f6a3416e2e39ba0806b0c1df5ad4cf93a4966eeb11bc378e0caebccf670feec4187301ee0
- SSDEEP
  
  12288:zYeE0VRXwQWJ21+YCveW5M+N09dHRJyHF4gBM0:zCZ
Score

10^/10

limerat persistence rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratpersistencerat

behavioral2

limeratpersistencerat