limerat | d89a56bbfa46016796046572213f98af65abdd863fef32f8eaf50ace8fb1f921 | Triage

Sharing

General

Target

New-Client.exe
Size

28KB
Sample

240529-sk8vpsah68
MD5

2d0c62fc7cc0fcddec7cdfd2b4aacbd7
SHA1

6dab1f5cb32d4c3a5f8789b07f4c2930a49d1956
SHA256

d89a56bbfa46016796046572213f98af65abdd863fef32f8eaf50ace8fb1f921
SHA512

e48f0474c68674a4907f22f89f6a6f3f074128731e5ee453e3482d22851d567055b9b49fe21b30f9c1858fa2276ec5bd34a3abe8205c530550ff4a2ea9826e53
SSDEEP

384:0B+Sbj6NKSfa6JBAHNefWXqDpOinsmsDdvDKNrCeJE3WNgOT5E/JXr4CQro3lcTR:ypSS6JBwNOOism0d45NP5211wj

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
07903088
antivm
true
c2_url
https://pastebin.com/raw/J0uqtmU4
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/J0uqtmU4
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  New-Client.exe
- Size
  
  28KB
- MD5
  
  2d0c62fc7cc0fcddec7cdfd2b4aacbd7
- SHA1
  
  6dab1f5cb32d4c3a5f8789b07f4c2930a49d1956
- SHA256
  
  d89a56bbfa46016796046572213f98af65abdd863fef32f8eaf50ace8fb1f921
- SHA512
  
  e48f0474c68674a4907f22f89f6a6f3f074128731e5ee453e3482d22851d567055b9b49fe21b30f9c1858fa2276ec5bd34a3abe8205c530550ff4a2ea9826e53
- SSDEEP
  
  384:0B+Sbj6NKSfa6JBAHNefWXqDpOinsmsDdvDKNrCeJE3WNgOT5E/JXr4CQro3lcTR:ypSS6JBwNOOism0d45NP5211wj
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1