General
Target: cc831ad19cbc20cb70449e19ff022b21_JaffaCakes118
Size: 584KB
Sample: 240831-ktvqfavhmc
MD5: cc831ad19cbc20cb70449e19ff022b21
SHA1: 1f785bded0c389b6c97f11fbb9a406f449b346e5
SHA256: 987b518b7a461694585044a73f4121f88faf5ff4b6ab9575cbeb717f802fc606
SHA512: 00b2f40ded61b4afde9f33f2f58ee7592b7e97353c0514ca8b0a91b8fe91079fd839d678a6366c3b4f5b16da011bd59ad11507e371002777ffb184fd04833e36
SSDEEP: 6144:bx0hyohN0XRCznwhh4MRf6kiJtRHdodiBO/CW5tDGGIXrF34WGmaRvpaik5dWJPY:aZ0hOnahrCrtxKdiBiCut1IXGWsp+u
Static task: static1

Behavioral task: behavioral1
Sample: cc831ad19cbc20cb70449e19ff022b21_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: cc831ad19cbc20cb70449e19ff022b21_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Extracted: limerat (full configuration)
Unlabelled value: 359Z6KxMenwvgkA7vpGeBtinJPTj5raZz8 (the report gives no field name for this 34-character Base58 string)
aes_key: arglobal
antivm: false
c2_url: https://pastebin.com/raw/CV5RHE9G
delay: 3
download_payload: false
install: false
install_name: Wservices.exe
main_folder: Temp
pin_spread: false
sub_folder: \
usb_spread: false

Extracted: limerat (partial configuration, same C2)
antivm: false
c2_url: https://pastebin.com/raw/CV5RHE9G
download_payload: false
install: false
pin_spread: false
usb_spread: false

Notes on the extracted values: c2_url is a raw Pastebin paste rather than a host address, which is what the "Legitimate hosting services abused" signature under Targets refers to; the paste content itself is not part of this report. install is false in both extractions, yet the behavioral run still recorded a Run-key write (see Targets), so do not rely on the config flag alone when hunting for persistence. install_name (Wservices.exe), main_folder (Temp) and sub_folder (\) are the configured install path components and are the strings to look for on disk and in registry values.
Targets

Target: cc831ad19cbc20cb70449e19ff022b21_JaffaCakes118
Size: 584KB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the General section above
Score: 10/10

Signatures:
- Adds Run key to start application (persistence through a value under a Run registry key)
- Legitimate hosting services abused for malware hosting/C2 (the configured c2_url is a raw Pastebin paste)
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and other thread-context injection)
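A small triage helper, added here as an example and not part of the sandbox report or of any LimeRAT tooling: it compares a file's hashes against the report's IOCs, flags network records that hit the configured Pastebin raw URL, and flags Run-key writes, scoring those that reference the configured install_name. Only the hashes, c2_url and install_name come from the report; the event records, the file bytes and the severity labels are constructed for the demonstration, and treating any other raw paste on the same host as a medium-severity hit is an assumption, not something the report states.

```python
"""Triage helper for the LimeRAT report above (added example, not report tooling).
Hashes, C2_URL and INSTALL_NAME are copied from the report; everything else
here (events, bytes, severity labels) is constructed for demonstration."""
import hashlib
import re
from typing import Optional
from urllib.parse import urlparse

# IOCs copied from the report
REPORT_HASHES = {
    "md5": "cc831ad19cbc20cb70449e19ff022b21",
    "sha1": "1f785bded0c389b6c97f11fbb9a406f449b346e5",
    "sha256": "987b518b7a461694585044a73f4121f88faf5ff4b6ab9575cbeb717f802fc606",
    "sha512": "00b2f40ded61b4afde9f33f2f58ee7592b7e97353c0514ca8b0a91b8fe91079fd"
              "839d678a6366c3b4f5b16da011bd59ad11507e371002777ffb184fd04833e36",
}
C2_URL = "https://pastebin.com/raw/CV5RHE9G"   # config c2_url
INSTALL_NAME = "Wservices.exe"                 # config install_name

# Any value written under a Run/RunOnce key, whichever hive it lands in.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)


def hash_matches(data: bytes) -> dict:
    """Compare every report hash against the given bytes; returns {algo: bool}."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in REPORT_HASHES.items()}


def c2_severity(url: str) -> Optional[str]:
    """'high' for the exact configured paste; 'medium' for any other raw paste on
    the same host (assumption: operators rotate paste ids); None otherwise."""
    p, cfg = urlparse(url.strip()), urlparse(C2_URL)
    if p.scheme not in ("http", "https") or p.netloc.lower() != cfg.netloc:
        return None
    if p.path == cfg.path:
        return "high"
    return "medium" if p.path.startswith("/raw/") else None


def persistence_severity(target: str, details: str) -> Optional[str]:
    """'high' when a Run-key value points at the configured install_name,
    'low' for any other Run-key write (analyst review), None if not a Run key."""
    if not RUN_KEY_RE.search(target):
        return None
    return "high" if INSTALL_NAME.lower() in details.lower() else "low"


def triage(events) -> list:
    """Walk sandbox/EDR-style event dicts and return a list of findings."""
    findings = []
    for ev in events:
        if ev.get("event") == "RegistryValueSet":
            sev = persistence_severity(ev.get("target", ""), ev.get("details", ""))
            if sev:
                findings.append({"kind": "persistence", "severity": sev,
                                 "where": ev.get("target", "")})
        elif ev.get("event") == "NetworkConnect":
            sev = c2_severity(ev.get("url", ""))
            if sev:
                findings.append({"kind": "c2", "severity": sev,
                                 "where": ev.get("url", "")})
    return findings


# Constructed sample events (not taken from the report)
SAMPLE_EVENTS = [
    {"event": "RegistryValueSet",
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
               r"\Software\Microsoft\Windows\CurrentVersion\Run\Wservices",
     "details": r"C:\Users\user\AppData\Local\Temp\Wservices.exe"},
    {"event": "RegistryValueSet",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
    {"event": "NetworkConnect", "url": "https://pastebin.com/raw/CV5RHE9G"},
    {"event": "NetworkConnect", "url": "https://pastebin.com/raw/abcdef12"},
    {"event": "NetworkConnect", "url": "https://example.org/"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['severity']:6} {f['kind']:12} {f['where']}")
    # Placeholder bytes, not the sample: every hash comparison is expected to be False.
    print(hash_matches(b"placeholder bytes, not the sample"))
```

To check a real file, read it in binary mode and pass the bytes to hash_matches; a SHA256 match alone is conclusive, the other digests are there because reports and blocklists often carry only one of them.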