General
-
Target
0cb9b66451ba728bd3edf2e34404289d_JaffaCakes118
-
Size
63KB
-
Sample
240625-fxar8ascmd
-
MD5
0cb9b66451ba728bd3edf2e34404289d
-
SHA1
e2c2472aca5fe1cf9716b60e871a73ebabcca6a5
-
SHA256
1643f09345a88923f4d9fdb38bcec093b7f9a58a17f3dd2e15077fc159f830a1
-
SHA512
d69d6b091d50d7953dd259609a7ff1818830df19e8a466ea368df29d526e6d79319f2e911c77025c53b52bdcebeec8b71cb9506e127fbb0b6819220bcd6f61e3
-
SSDEEP
1536:UIOz8GV42czcvMeO7aJ8nJ2P9WKjK0EzRVJSadmBni9E4:Q4H4CaJmA1Ww2HNdmk9D
Malware Config
Extracted
limerat
-
aes_key
pundek
-
antivm
false
-
c2_url
https://pastebin.com/raw/7sALhsP2
-
delay
3
-
download_payload
false
-
install
true
-
install_name
Secure.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/7sALhsP2
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
0cb9b66451ba728bd3edf2e34404289d_JaffaCakes118
-
Size
63KB
-
MD5
0cb9b66451ba728bd3edf2e34404289d
-
SHA1
e2c2472aca5fe1cf9716b60e871a73ebabcca6a5
-
SHA256
1643f09345a88923f4d9fdb38bcec093b7f9a58a17f3dd2e15077fc159f830a1
-
SHA512
d69d6b091d50d7953dd259609a7ff1818830df19e8a466ea368df29d526e6d79319f2e911c77025c53b52bdcebeec8b71cb9506e127fbb0b6819220bcd6f61e3
-
SSDEEP
1536:UIOz8GV42czcvMeO7aJ8nJ2P9WKjK0EzRVJSadmBni9E4:Q4H4CaJmA1Ww2HNdmk9D
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-