General
-
Target
cceb4219605d30c23efe121068055a31_JaffaCakes118
-
Size
787KB
-
Sample
240831-q6dwcaxanc
-
MD5
cceb4219605d30c23efe121068055a31
-
SHA1
e2aa3e61e3c6a571b6b3ad36478f0e906e58212f
-
SHA256
342b2e3b3e756eb046794a12c10567d04e8255f096e616f40129025968d8f2a5
-
SHA512
ecaedde80486a0a17a9230c4fbeafeaccaa1ab6607a109fe8b763027365d1b9504e58e7147aa1e52bc30aa02e36a51e3a9ebd39e2801c8e445bc1bf487862650
-
SSDEEP
12288:zyR17vTjQvEbeCN25ITN3FRqpfC4HZ9a2zHCQnit/MMukucsy55WMBWzmyjvMdS2:q1/svEb/uHZZmiiOMRuvkU8OzlN6
Malware Config
Extracted
limerat
-
aes_key
jack
-
antivm
false
-
c2_url
https://pastebin.com/raw/YtyeDvFZ
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/YtyeDvFZ
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
cceb4219605d30c23efe121068055a31_JaffaCakes118
-
Size
787KB
-
MD5
cceb4219605d30c23efe121068055a31
-
SHA1
e2aa3e61e3c6a571b6b3ad36478f0e906e58212f
-
SHA256
342b2e3b3e756eb046794a12c10567d04e8255f096e616f40129025968d8f2a5
-
SHA512
ecaedde80486a0a17a9230c4fbeafeaccaa1ab6607a109fe8b763027365d1b9504e58e7147aa1e52bc30aa02e36a51e3a9ebd39e2801c8e445bc1bf487862650
-
SSDEEP
12288:zyR17vTjQvEbeCN25ITN3FRqpfC4HZ9a2zHCQnit/MMukucsy55WMBWzmyjvMdS2:q1/svEb/uHZZmiiOMRuvkU8OzlN6
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-