limerat | d6b4addbbc47751482b51bed504f390734bcb23f96936314a8a91e8dcfe47878 | Triage

Sharing

General

Target

IDM+Crack+ver_rar.rar
Size

313KB
Sample

240817-t6qfxsvhqh
MD5

a8dc32243e08a3fe992ac394cfad6015
SHA1

e7eeaefa814c1ded4c56cb34c2c08a9bf8408683
SHA256

d6b4addbbc47751482b51bed504f390734bcb23f96936314a8a91e8dcfe47878
SHA512

60ee3036e36cfe87d1e7fc5664f0edbfbeefa564b02493ab69636de7ab2c1da2487094b5620f66157b633a5f498bfae36952664bf718d00602d209ee2b02193a
SSDEEP

6144:Jd9MBRRcVwn4vPlvSEJ7Zg5DTKYMGF6ugkYjp7VbygVM0zBGGZ+0u9rXYNHy:Jd632HlvSIZ8DTKYMO6utYjvNq0zB5Cx

Score

10^/10

limerat discovery persistence rat

Malware Config

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/DDTVwwbu
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  IDM Crack ver_rar.scr
- Size
  
  374KB
- MD5
  
  fb829a18b62699e01513a237707de26f
- SHA1
  
  b52801a885e81570724c681f639aba188e3241e2
- SHA256
  
  c80bc3e65ac5ef54a14ccd38165fdce161ca5caae8c2c0dbc17deb7134b177f2
- SHA512
  
  1fe630ae89e02243e2a595129c8763fbb1063491ee11c8ce7819eb37e88dc2fbf5ee6a780099341da8c75510131745db67a56cf6548e05096200cdeb001b9388
- SSDEEP
  
  6144:kcxBAVFqZOt58d2cBbz0tcyVPeqPRgetQjQCItnWUTusvy00uWiqNCf:L/AViOn84cBv0XWiQjQCItn/ouW9C
Score

10^/10

limerat discovery persistence rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoverypersistencerat

behavioral2

limeratdiscoverypersistencerat

behavioral3

limeratdiscoverypersistencerat

behavioral4

limeratdiscoverypersistencerat