General
Target: ceca4ad3a264bb47c499b1fd9ac2d89e70ecda197164742be6e3c57d30a3bde7.exe
Size: 245KB
Sample: 240609-lafmvahd32
MD5: 537a30bc79e3d7beb31da053f09d6f67
SHA1: d9dac6725bf93e9c700ab76601be7afd76a35193
SHA256: ceca4ad3a264bb47c499b1fd9ac2d89e70ecda197164742be6e3c57d30a3bde7
SHA512: 987aad35c946117559411589cc4ea0cfd1d7fdced71f0ab71e520f0ace33224e71a938fd1b9d5bd9c60989e05594d78cbd2953d510b68e36204955019c26b032
SSDEEP: 6144:qs1k2QWeQ8njlf1owqQzQOydT81lxBt25:TO3WeVpvcOye/xBt
Static task: static1
Behavioral task: behavioral1
Sample: ceca4ad3a264bb47c499b1fd9ac2d89e70ecda197164742be6e3c57d30a3bde7.exe
Resource: win7-20240221-en
Malware Config
Extracted
limerat
antivm: false
c2_url: https://pastebin.com/raw/6bPeUTd1
download_payload: false
install: false
pin_spread: false
usb_spread: false
Targets
Target: ceca4ad3a264bb47c499b1fd9ac2d89e70ecda197164742be6e3c57d30a3bde7.exe
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2