General

  • Target

    8d4fc7d9b7f9ae031db6ac350af49861_JaffaCakes118

  • Size

    39KB

  • Sample

    240602-jbmrfafe98

  • MD5

    8d4fc7d9b7f9ae031db6ac350af49861

  • SHA1

    a57c563cc8406ef2ea4a8ad94972f039f053026e

  • SHA256

    3637dfa2d64efeaf36903e17bacd8f832dee3e6d12e3414fd55fed4311498796

  • SHA512

    900e577c29f2976604805420ffd2fad6848657ba408e61dd8883bee55146ce229728527ebdbad2cf12b30b81232345e03761d02f1f0e2301de4de5154d2f6e87

  • SSDEEP

    768:f0tIvRpRaIMLwZ7nPU8dKSPhfVJfQD/yLZlWXKwsl:f0CvDgIvZ7nPXKg3JfqaFlR

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    pysenuu

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/smgAS6SG

  • delay

    3

  • download_payload

    false

  • install

    false

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/smgAS6SG

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      8d4fc7d9b7f9ae031db6ac350af49861_JaffaCakes118

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
