General
Target: 1580de07812e8327fa45cac871a7d0fa_JaffaCakes118
Size: 89KB
Sample: 240627-ljje4axbjq
MD5: 1580de07812e8327fa45cac871a7d0fa
SHA1: 887c01ee1254c93b2506ffdaa97b9833e454b5f9
SHA256: b7a2082ded2f96c5d5ad618b0368ff4530c4bed5594217b8a8e8d0de7c346873
SHA512: 8ad94a2da86d9f6f478e04ec36fe7a33ad4f7df0bf14f19e987c6d2b508b1c9f06431b38ecb66db9c632d9a4727286e175585b3061b4be2ad0db36f1c3c4fed6
SSDEEP: 1536:LxeLXlA3C0+BGV1j9Po2rV9KL/74pYMHfkpumnxGeHfuS:LALg9lV1ZPo2rV9K7Y8pumMSfuS
Static task: static1
Behavioral task: behavioral1
Sample: 1580de07812e8327fa45cac871a7d0fa_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Extracted
limerat
antivm: false
c2_url: https://pastebin.com/raw/v9J7B6vz
download_payload: false
install: false
pin_spread: false
usb_spread: false
Targets
Target: 1580de07812e8327fa45cac871a7d0fa_JaffaCakes118
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-