General

  • Target

    c9101aac915418735b74d5120cae0cdef803555d9a8399cf9ee5457d5c790513.exe

  • Size

    296KB

  • Sample

    240610-sggbaa1dnl

  • MD5

    44fa1f9ac8f550bdf35405c89d1509f3

  • SHA1

    6cd17ba8d06ef044fe6d788574a73d2522c3ae8a

  • SHA256

    c9101aac915418735b74d5120cae0cdef803555d9a8399cf9ee5457d5c790513

  • SHA512

    563f6300815482ce825eb2760bf63cbbdd3327b093a6d2648ffbc25365a9b9d62bd79564d106114a35ce188074615281c5487db65e0c4aa9764d7f7c226eb53a

  • SSDEEP

    6144:7X5aN9UzT0jeayOka2IssdyIvh0QHOxBt25:FU+zbayOka1dyIvOoOxBt

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/6bPeUTd1

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
