limerat | 1bf99ff57e5e9ce74f1e53fb0642e40b5b100642e8c901ca8791e43e4f777941 | Triage

Sharing

General

Target

New-Client.exe
Size

28KB
Sample

240707-hx6wrswgln
MD5

84da46d931269545f71141e7b44c78b6
SHA1

72468bc577e9642e0f2c30cfe8b298c019f92a60
SHA256

1bf99ff57e5e9ce74f1e53fb0642e40b5b100642e8c901ca8791e43e4f777941
SHA512

8f897acd0b559d407ec2d9a4985f0579e14b58b9e4b2d252a62d0e433eb34549cf64918da1b799afe90e98e6098915805c3bfe3917df3895d3feba03dccb372b
SSDEEP

384:LB+Sbj6NKKR+6VFAHa0zCqDSsnejiZvDKNrCeJE3WNgh7zvdefzM2PoPnQro3lcv:1pKE6VFwabsneux45NkHvdezMT761j

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
4f2b3d5e6f7c9e2b5f4e3d1c2a3b6d8f9a7b6c3d
antivm
false
c2_url
https://pastebin.com/raw/d28E5Cx2
delay
3
download_payload
false
install
true
install_name
aidb.exe
main_folder
UserProfile
pin_spread
true
sub_folder
\sdfagre\
usb_spread
true

Targets

- Target
  
  New-Client.exe
- Size
  
  28KB
- MD5
  
  84da46d931269545f71141e7b44c78b6
- SHA1
  
  72468bc577e9642e0f2c30cfe8b298c019f92a60
- SHA256
  
  1bf99ff57e5e9ce74f1e53fb0642e40b5b100642e8c901ca8791e43e4f777941
- SHA512
  
  8f897acd0b559d407ec2d9a4985f0579e14b58b9e4b2d252a62d0e433eb34549cf64918da1b799afe90e98e6098915805c3bfe3917df3895d3feba03dccb372b
- SSDEEP
  
  384:LB+Sbj6NKKR+6VFAHa0zCqDSsnejiZvDKNrCeJE3WNgh7zvdefzM2PoPnQro3lcv:1pKE6VFwabsneux45NkHvdezMT761j
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1