limerat | 90666fed3631675941ebf68c15b33f638b843c67186c721c78b23a8f14c64df2 | Triage

Sharing

General

Target

c8579d000303523ecbd7ef6c242ff2b7_JaffaCakes118
Size

209KB
Sample

240829-gv3kwsxbre
MD5

c8579d000303523ecbd7ef6c242ff2b7
SHA1

3a20370d04f12970ed65e263398f7e23020b7c7b
SHA256

90666fed3631675941ebf68c15b33f638b843c67186c721c78b23a8f14c64df2
SHA512

73bc01a4d0289f1e8e64453a454eb759de602a5949e2054482dcf20d2b0cc04ea6b92cb947fb450ab66dc87b7862633c3e62c3871b695e5173a145e57df78a43
SSDEEP

3072:EvwtMgkqYnB3nPWlVgtCKQ0UUVUUXjNBv2t5DkfM:GlxNnEKQKot

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Wallets

12fv8N11Mq2fpT2pXibTZiJCJAXkDsGFRq

Attributes

aes_key
123
antivm
false
c2_url
https://pastebin.com/raw/rYAhJUcU
delay
3
download_payload
false
install
true
install_name
test.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/rYAhJUcU
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  c8579d000303523ecbd7ef6c242ff2b7_JaffaCakes118
- Size
  
  209KB
- MD5
  
  c8579d000303523ecbd7ef6c242ff2b7
- SHA1
  
  3a20370d04f12970ed65e263398f7e23020b7c7b
- SHA256
  
  90666fed3631675941ebf68c15b33f638b843c67186c721c78b23a8f14c64df2
- SHA512
  
  73bc01a4d0289f1e8e64453a454eb759de602a5949e2054482dcf20d2b0cc04ea6b92cb947fb450ab66dc87b7862633c3e62c3871b695e5173a145e57df78a43
- SSDEEP
  
  3072:EvwtMgkqYnB3nPWlVgtCKQ0UUVUUXjNBv2t5DkfM:GlxNnEKQKot
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat