General
-
Target
6fb99828380efda6fb357be8e59524f6_JaffaCakes118
-
Size
90KB
-
Sample
240725-qhp9gatcrh
-
MD5
6fb99828380efda6fb357be8e59524f6
-
SHA1
94a3911a1813273e7464e030b6a52859f62dd1f4
-
SHA256
0c34a4722c74afd100e8d59d69d21da8b9c1cd813663b9ba5c55737e6f6170ad
-
SHA512
9e6729262f38f3f200309e5ed810b5899adda6295411d20883445c55095f16df63eef44b6d0951ee8fb66e39dc74e8fcab7874576ff88500ae825b1b8c1b21ed
-
SSDEEP
1536:oaHn4JUoKrukjj11ZeCBlLD3J2BzUTbimNzBKi570rdYHBYAkodUMTQeoNw4ndFw:LHCu7jjFZ1LA4bvzBNQk2AxdrTQeoNwl
Static task
static1
Behavioral task
behavioral1
Sample
6fb99828380efda6fb357be8e59524f6_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/SKyptWbF
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
6fb99828380efda6fb357be8e59524f6_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-