General

  • Target

    4d22cfac14da3907e94b3825ac4875b5_JaffaCakes118

  • Size

    116KB

  • Sample

    240716-g2xyzs1fmb

  • MD5

    4d22cfac14da3907e94b3825ac4875b5

  • SHA1

    4cb321980a55116ba0d35b21aaf1fe7e08250e70

  • SHA256

    e01a285adbb9fd9e374eb939ae1f0685a10e2ceb480d8e8b88c88575c0a5b698

  • SHA512

    8a20b57040873d11aa35cf3dbd8d25888cd7dc0ff3577697f085b6d96e00b4a04b2f0b52950dd90f45883cfb382fffde4c8cad9dbec9e72710e702847f9c2733

  • SSDEEP

    3072:2x7XWKnCVQPF2UnX2mkpzT2qWWYQhRrKH:28KCy/nVkBdDx

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    killisrael

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/v9J7B6vz

  • delay

    3

  • download_payload

    false

  • install

    true

  • install_name

    killisrael.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    false

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/v9J7B6vz

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      4d22cfac14da3907e94b3825ac4875b5_JaffaCakes118

    • Size

      116KB

    • MD5

      4d22cfac14da3907e94b3825ac4875b5

    • SHA1

      4cb321980a55116ba0d35b21aaf1fe7e08250e70

    • SHA256

      e01a285adbb9fd9e374eb939ae1f0685a10e2ceb480d8e8b88c88575c0a5b698

    • SHA512

      8a20b57040873d11aa35cf3dbd8d25888cd7dc0ff3577697f085b6d96e00b4a04b2f0b52950dd90f45883cfb382fffde4c8cad9dbec9e72710e702847f9c2733

    • SSDEEP

      3072:2x7XWKnCVQPF2UnX2mkpzT2qWWYQhRrKH:28KCy/nVkBdDx

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks