Extracted

• • Target

    954971e1c8396ce56c5d464452875100N

  • Size

    472KB

  • MD5

    954971e1c8396ce56c5d464452875100

  • SHA1

    86d2397020879e121f593f00643be26868400fab

  • SHA256

    b40b35a8c561d796e8a538011d8958b6e1c47bae5facdbfefb1c6e46d7124ff7

  • SHA512

    e2ebd1e33dd47bfbf74fbf05aa1ed69998a2a6136eb894ce0fcb6005f7b6748bf5229c0395d846d58ebc247587732bd0f228d411049a79f2299f9aef9b3fa258

  • SSDEEP

    12288:O8Tq6SC6h4pLz/EEezAClaFvg5o/Yoqki2ToKI2pFd3/FmkR2iN/2iN7f:zzJCAOfghb1J1

  Score

  10^/10

  limeratdiscoveryrat

  • LimeRAT

    Simple yet powerful RAT for Windows machines written in .NET.

    ratlimerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2