General

  • Target

    442d38dd58513f6a0de7da51976b4839_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240714-ec5lesvhkp

  • MD5

    442d38dd58513f6a0de7da51976b4839

  • SHA1

    58676f0f25a6b7bed1f740e9c092570c4eb4d096

  • SHA256

    9a541f72be5b468a4045c8dcefb9eb96ab1b1d864b51e3946b52544ff3078c22

  • SHA512

    307047530d41fd9d6e48c782a60ef0f2bfd3c000e3168accf5515aa3ff177a1cd045a79288affe593d9373b9dd028e9d6887ad425c8d2b21ebef04036152c045

  • SSDEEP

    24576:Do2nuQAXlNcyezFS8aFgwd8TD28I494VdwZYnYfoxRyUmItl:nnnANex76A94VdwAY0yAtl

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/SKyptWbF

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      442d38dd58513f6a0de7da51976b4839_JaffaCakes118

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
