limerat | ba85bfb947e994fef31ff3bfa1569192bd683a259b989997d46aa50389fc0d99 | Triage

Sharing

General

Target

bad2ec084ea758ffaee29bdfa308fd6f_JaffaCakes118
Size

117KB
Sample

240823-h7xe3s1fpg
MD5

bad2ec084ea758ffaee29bdfa308fd6f
SHA1

498bfa6f710863b7436860dab7170f0974a9aa04
SHA256

ba85bfb947e994fef31ff3bfa1569192bd683a259b989997d46aa50389fc0d99
SHA512

8a1d252b1de928954156341998f7d07801868ebac0ce4275b972a849a623209358f339b290d9e42ec2538df23464b21a135c99490b6ae32b881e2dba88e148b1
SSDEEP

3072:ZIkuTX06IqC7YyG1CsZN2AtztkLr8Pztspg8huVL:u/ZCkydFXGAg

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/SKyptWbF
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  bad2ec084ea758ffaee29bdfa308fd6f_JaffaCakes118
- Size
  
  117KB
- MD5
  
  bad2ec084ea758ffaee29bdfa308fd6f
- SHA1
  
  498bfa6f710863b7436860dab7170f0974a9aa04
- SHA256
  
  ba85bfb947e994fef31ff3bfa1569192bd683a259b989997d46aa50389fc0d99
- SHA512
  
  8a1d252b1de928954156341998f7d07801868ebac0ce4275b972a849a623209358f339b290d9e42ec2538df23464b21a135c99490b6ae32b881e2dba88e148b1
- SSDEEP
  
  3072:ZIkuTX06IqC7YyG1CsZN2AtztkLr8Pztspg8huVL:u/ZCkydFXGAg
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat