General
-
Target
New-Client.exe
-
Size
28KB
-
Sample
240529-zkjddahc8x
-
MD5
ce9b7ca49b4d38aad7c6b65f363a7136
-
SHA1
e51bdb3bea110044fedc9a0a73cbd9bbc291f6e1
-
SHA256
4e60e44a1233df2b661a1cf31390c19ebfa75e18a692414a0d6a1be5e1d9a92e
-
SHA512
2f1841e590b31849a1136533acd8428b704abc7ed2c8fd635d679abe80b03f7ef013d04b6089dc1ccd7f3c5a524314fae85a40c2ef518e6864048d81e02e4f70
-
SSDEEP
384:RB+Sbj6NKW3c61lAHdk9GQqDwlNUgVvDKNrCeJE3WNgu3ScxWdmPHQro3lctosjr:rpWM61lwdUlNbl45NfSqWszoj
Malware Config
Extracted
limerat
-
aes_key
0790308
-
antivm
false
-
c2_url
https://pastebin.com/raw/ug38C3Hv
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/ug38C3Hv
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
New-Client.exe
-
Size
28KB
-
MD5
ce9b7ca49b4d38aad7c6b65f363a7136
-
SHA1
e51bdb3bea110044fedc9a0a73cbd9bbc291f6e1
-
SHA256
4e60e44a1233df2b661a1cf31390c19ebfa75e18a692414a0d6a1be5e1d9a92e
-
SHA512
2f1841e590b31849a1136533acd8428b704abc7ed2c8fd635d679abe80b03f7ef013d04b6089dc1ccd7f3c5a524314fae85a40c2ef518e6864048d81e02e4f70
-
SSDEEP
384:RB+Sbj6NKW3c61lAHdk9GQqDwlNUgVvDKNrCeJE3WNgu3ScxWdmPHQro3lctosjr:rpWM61lwdUlNbl45NfSqWszoj
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Renames multiple (3699) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Legitimate hosting services abused for malware hosting/C2
-