limerat | ae305f441faf08f439a302b56ca00e7426160af15ca532dd1936e38f803fa286 | Triage

Sharing

General

Target

MailUpdate.exe
Size

69KB
Sample

240823-3c2rjavelr
MD5

37d1bc1bd7eeb6b549d265db4a56da20
SHA1

a93c42ade354b2a706450715deacdec728e898a9
SHA256

ae305f441faf08f439a302b56ca00e7426160af15ca532dd1936e38f803fa286
SHA512

21431f94b29cc7786c77da61d1f1e9ab51f1676ab383d679a52ff10db3ca27a3fe1c73ccf879de1c28d9e8a120578bba98af840cb3b32bffd2d325001188212f
SSDEEP

1536:OpgFwa5ttd8yfeUzIasLQxFm5gUWd+0LDyjofAWZgzR:8Iwa7bZfRaQzm9FIDyjoY5V

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Wallets

bc1qyej3qhu680rqc5akxac39r92g6a8g6r4708gyj

Attributes

aes_key
Test
antivm
true
c2_url
https://pastebin.com/raw/UPe1Arqg
delay
3
download_payload
false
install
true
install_name
system32s.exe
main_folder
AppData
pin_spread
true
sub_folder
\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/UPe1Arqg
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  MailUpdate.exe
- Size
  
  69KB
- MD5
  
  37d1bc1bd7eeb6b549d265db4a56da20
- SHA1
  
  a93c42ade354b2a706450715deacdec728e898a9
- SHA256
  
  ae305f441faf08f439a302b56ca00e7426160af15ca532dd1936e38f803fa286
- SHA512
  
  21431f94b29cc7786c77da61d1f1e9ab51f1676ab383d679a52ff10db3ca27a3fe1c73ccf879de1c28d9e8a120578bba98af840cb3b32bffd2d325001188212f
- SSDEEP
  
  1536:OpgFwa5ttd8yfeUzIasLQxFm5gUWd+0LDyjofAWZgzR:8Iwa7bZfRaQzm9FIDyjoY5V
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat