General
-
Target
522c91c145451787b1ab02d9c34293fb_JaffaCakes118
-
Size
903KB
-
Sample
240717-j8n1rsselk
-
MD5
522c91c145451787b1ab02d9c34293fb
-
SHA1
fd1551bc06a9320ce3552d5f91b1396543a5ce0e
-
SHA256
8208318d614b3d51d47a634a6d7ddc60d2d40732b0d51460ff78df5d7cd49124
-
SHA512
17dd1be9904ad5984dfb3f338ea7c2f79f719817067e4cf701c9275e062901fd3e0263863092b28dc114348bc7513c654017d83c08547d4a65bbe4da40d85f28
-
SSDEEP
24576:DAHnh+eWsN3skA4RV1Hom2KXMmHalXWAA5:Oh+ZkldoPK8Yalc
Malware Config
Extracted
limerat
1JBKLGyE6AnRGvk92A8x3m8qmXfh3fcEty
-
aes_key
nulled
-
antivm
true
-
c2_url
https://pastebin.com/raw/cXuQ0V20
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Winservices.exe
-
main_folder
AppData
-
pin_spread
false
-
sub_folder
\Services\
-
usb_spread
true
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/cXuQ0V20
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
522c91c145451787b1ab02d9c34293fb_JaffaCakes118
-
Size
903KB
-
MD5
522c91c145451787b1ab02d9c34293fb
-
SHA1
fd1551bc06a9320ce3552d5f91b1396543a5ce0e
-
SHA256
8208318d614b3d51d47a634a6d7ddc60d2d40732b0d51460ff78df5d7cd49124
-
SHA512
17dd1be9904ad5984dfb3f338ea7c2f79f719817067e4cf701c9275e062901fd3e0263863092b28dc114348bc7513c654017d83c08547d4a65bbe4da40d85f28
-
SSDEEP
24576:DAHnh+eWsN3skA4RV1Hom2KXMmHalXWAA5:Oh+ZkldoPK8Yalc
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-