General

  • Target

    9db92ead87f1de645a719a3833149ab2_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240816-kwk9sawbqf

  • MD5

    9db92ead87f1de645a719a3833149ab2

  • SHA1

    bcb4a1b97ded4cbe4cadd6e7f9719b2322618901

  • SHA256

    2b54039195a45d011a466289c920009afbd276de9f9ab8858b62cb6de1961ed0

  • SHA512

    ade5ee81536dc86d226580a308dda14c241fa51fb589cbb92f4105c58c738422ba9620a8c2bb27f144e904b75ade06b8cac76f741c26125de69cf06b1c4d250f

  • SSDEEP

    24576:gk70TrcTv8GaBoLpvX843rTcIM9C8kCRGlSnLvBCUetcSRTFG6UUZN1oda2F4Q77:gkQTAjrJ8Mrg19nLj+dWdaYBJn

Targets

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15