Analysis
max time kernel: 302s
max time network: 306s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-05-2024 12:32
Behavioral task
behavioral1
Sample
Rat Testing/Lime Rat.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
4 signatures
150 seconds
General
Target: Rat Testing/Lime Rat.exe
Size: 28KB
MD5: 457d2e2fabc4243730eb308bb0f4e073
SHA1: 7f17f6124dd7271723887350e406240888566db7
SHA256: 16502a5eea8d788fc294b7795f5fbb8e10788df361d70d9e842df3f3fd81b775
SHA512: 480b2152b2d1d150b9a0de99df0e74c1077e539cf911e59195f78c1b904882ee9ba24530c33f37defd850609881d6376e894e4a4fcbe16425b26adde3863140b
SSDEEP: 384:SB+Sbj6NKW3c61lAHdk9GLqDuaywywVJvDKNrCeJE3WNg8/lPnWGrtHAUMQro3lP:IpWM61lwdT9wywVB45NJEGr49j
Malware Config
Extracted
Family: limerat
Attributes
aes_key: 0790308
antivm: false
c2_url: https://pastebin.com/raw/ug38C3Hv
delay: 3
download_payload: false
install: false
install_name: Wservices.exe
main_folder: Temp
pin_spread: false
sub_folder: \
usb_spread: false
Extracted
Family: limerat
Attributes
antivm: false
c2_url: https://pastebin.com/raw/ug38C3Hv
download_payload: false
install: false
pin_spread: false
usb_spread: false
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
flow    ioc
12      pastebin.com
13      pastebin.com
Suspicious behavior: EnumeratesProcesses (36 IoCs)
pid     Process
2336    Lime Rat.exe    (same row listed 36 times)
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                 pid     Process
Token: SeDebugPrivilege     2336    Lime Rat.exe
Token: SeDebugPrivilege     2336    Lime Rat.exe