General
Target: 63380c572eac88aef5616334fa06f9e1_JaffaCakes118
Size: 89KB
Sample: 240722-ppk3nayclk
MD5: 63380c572eac88aef5616334fa06f9e1
SHA1: 8905b6d482de02c095ec3d0d7e5a81b1c487c9a0
SHA256: 75a1081e0bce1d4ec8dc772f38a128f0a97c18637f9b83bfc5d035263eadab99
SHA512: 8c9a6e5c5748a745a990589f723cba5aaf8d9ab2e0a12181f80e694f719babe056b33f427061e383689ccda263abd478e9264709e8af80675bed30baf5a6a895
SSDEEP: 1536:7LXlA3C0+BGV1j9Po2rV9KL/74pYMHfkpumnxGeHfu/QW:7Lg9lV1ZPo2rV9K7Y8pumMSfuYW
Static task: static1
Behavioral task: behavioral1
Sample: 63380c572eac88aef5616334fa06f9e1_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted
limerat
antivm: false
c2_url: https://pastebin.com/raw/v9J7B6vz
download_payload: false
install: false
pin_spread: false
usb_spread: false
Targets
Target: 63380c572eac88aef5616334fa06f9e1_JaffaCakes118
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-