Overview

overview

10

Static

static

10

Rat Testin...at.exe

windows10-2004-x64

10

Rat Testin...at.exe

windows10-2004-x64

Resubmissions

30-05-2024 12:32

240530-pqnj6shh93 10

30-05-2024 12:29

240530-pny8wshh46 10

Analysis

  • max time kernel
    302s
  • max time network
    306s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-05-2024 12:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rat Testing/Lime Rat.exe

  • Size

    28KB

  • MD5

    457d2e2fabc4243730eb308bb0f4e073

  • SHA1

    7f17f6124dd7271723887350e406240888566db7

  • SHA256

    16502a5eea8d788fc294b7795f5fbb8e10788df361d70d9e842df3f3fd81b775

  • SHA512

    480b2152b2d1d150b9a0de99df0e74c1077e539cf911e59195f78c1b904882ee9ba24530c33f37defd850609881d6376e894e4a4fcbe16425b26adde3863140b

  • SSDEEP

    384:SB+Sbj6NKW3c61lAHdk9GLqDuaywywVJvDKNrCeJE3WNg8/lPnWGrtHAUMQro3lP:IpWM61lwdT9wywVB45NJEGr49j

Score
10/10
limeratrat

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    0790308

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/ug38C3Hv

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/ug38C3Hv

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Signatures

  • LimeRAT

    Simple yet powerful RAT for Windows machines written in .NET.

    ratlimerat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rat Testing\Lime Rat.exe
    "C:\Users\Admin\AppData\Local\Temp\Rat Testing\Lime Rat.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2336

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2336-0-0x000000007509E000-0x000000007509F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2336-1-0x0000000000780000-0x000000000078C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/2336-2-0x0000000005180000-0x000000000521C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/2336-3-0x00000000050E0000-0x0000000005146000-memory.dmp
    Filesize

    408KB

    Download
  • memory/2336-4-0x0000000075090000-0x0000000075840000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/2336-5-0x0000000005F60000-0x0000000006504000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/2336-6-0x0000000007150000-0x00000000071E2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2336-7-0x000000007509E000-0x000000007509F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2336-8-0x0000000075090000-0x0000000075840000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/2336-9-0x0000000001030000-0x000000000103A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2336-11-0x0000000075090000-0x0000000075840000-memory.dmp
    Filesize

    7.7MB

    Download