General
-
Target
e8bddd761801f872c60619074a3b32c3_JaffaCakes118
-
Size
185KB
-
Sample
240918-krq98ssbnc
-
MD5
e8bddd761801f872c60619074a3b32c3
-
SHA1
e4e29f5ba3310e9e182f5d44c75b5a33424dfaef
-
SHA256
c1e36a1edfbf3dcc0ed8b7ef724869cd60866b5690244534057294e16950856c
-
SHA512
119a0f2838106bd7665b16f352f78f6bb5e6821c0b409a01fb191c0b23069ecec7eae395c380e5ab4b1f1d3ed909a77e0a058f95b75b2c3cf1c5d36a39e1ea7a
-
SSDEEP
3072:hIBxE0QYx6FEsIeWrqdEHCCkSyfQAWQN8gVdjG35vTvTTkH:qPE08FvVdEB0f/pN8IavTcH
Malware Config
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/q0iUEtJS
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
e8bddd761801f872c60619074a3b32c3_JaffaCakes118
-
Size
185KB
-
MD5
e8bddd761801f872c60619074a3b32c3
-
SHA1
e4e29f5ba3310e9e182f5d44c75b5a33424dfaef
-
SHA256
c1e36a1edfbf3dcc0ed8b7ef724869cd60866b5690244534057294e16950856c
-
SHA512
119a0f2838106bd7665b16f352f78f6bb5e6821c0b409a01fb191c0b23069ecec7eae395c380e5ab4b1f1d3ed909a77e0a058f95b75b2c3cf1c5d36a39e1ea7a
-
SSDEEP
3072:hIBxE0QYx6FEsIeWrqdEHCCkSyfQAWQN8gVdjG35vTvTTkH:qPE08FvVdEB0f/pN8IavTcH
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-