General

  • Target

    44fa1f9ac8f550bdf35405c89d1509f3.bin

  • Size

    149KB

  • Sample

    240611-chlpds1bjj

  • MD5

    d8603fe3ba7ddad94adfe098bb6088cf

  • SHA1

    755a5e6cc6931c8d748d23f0e73fff2bec9bbfbb

  • SHA256

    63ab3ed97e8678fc1e018d9a82d94d70ca8e0aa575999dfe9c5bff6d6e32be8b

  • SHA512

    d1aa095e232fd053b866f38a24a8c70c9c0e0ac067182b86fffcd3e08f9f015f1c3bccc553527766e8b44678c60a21d0b8fc98f83fc62edc6e4e9e75054d7d22

  • SSDEEP

    3072:EXaA6PoqwHxotnblOPHtgdn+KmvY2NnlTmCgtJXK51+9:EXNbrCt5yHtkn+KmvjTmCgtJXK2

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/6bPeUTd1

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      c9101aac915418735b74d5120cae0cdef803555d9a8399cf9ee5457d5c790513.exe

    • Size

      296KB

    • MD5

      44fa1f9ac8f550bdf35405c89d1509f3

    • SHA1

      6cd17ba8d06ef044fe6d788574a73d2522c3ae8a

    • SHA256

      c9101aac915418735b74d5120cae0cdef803555d9a8399cf9ee5457d5c790513

    • SHA512

      563f6300815482ce825eb2760bf63cbbdd3327b093a6d2648ffbc25365a9b9d62bd79564d106114a35ce188074615281c5487db65e0c4aa9764d7f7c226eb53a

    • SSDEEP

      6144:7X5aN9UzT0jeayOka2IssdyIvh0QHOxBt25:FU+zbayOka1dyIvOoOxBt

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
