General

  • Target

    e8bddd761801f872c60619074a3b32c3_JaffaCakes118

  • Size

    185KB

  • Sample

    240918-krq98ssbnc

  • MD5

    e8bddd761801f872c60619074a3b32c3

  • SHA1

    e4e29f5ba3310e9e182f5d44c75b5a33424dfaef

  • SHA256

    c1e36a1edfbf3dcc0ed8b7ef724869cd60866b5690244534057294e16950856c

  • SHA512

    119a0f2838106bd7665b16f352f78f6bb5e6821c0b409a01fb191c0b23069ecec7eae395c380e5ab4b1f1d3ed909a77e0a058f95b75b2c3cf1c5d36a39e1ea7a

  • SSDEEP

    3072:hIBxE0QYx6FEsIeWrqdEHCCkSyfQAWQN8gVdjG35vTvTTkH:qPE08FvVdEB0f/pN8IavTcH

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/q0iUEtJS

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      e8bddd761801f872c60619074a3b32c3_JaffaCakes118

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Maps connected drives based on registry

      Disk information is often read to detect sandbox or virtual-machine environments.
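Added example (not part of the sandbox report or of the LimeRAT project): Python triage helpers that take the extracted config shown above, classify the c2_url as a raw-paste indirection (the config points at a pastebin raw URL rather than a host and port, which is the indirection the "Legitimate hosting services abused for malware hosting/C2" signature refers to), summarise the spreading and persistence flags, and then run the resulting indicators over a few constructed proxy log lines. The PASTE_HOSTS set, the log line format and the log lines themselves are assumptions made for this example.

```python
"""Triage helpers for the extracted LimeRAT config (added example, not sandbox tooling)."""
from urllib.parse import urlparse

# Extracted config exactly as shown on the report page.
EXTRACTED_CONFIG = {
    "family": "limerat",
    "antivm": False,
    "c2_url": "https://pastebin.com/raw/q0iUEtJS",
    "download_payload": False,
    "install": False,
    "pin_spread": False,
    "usb_spread": False,
}

# Assumption: hosts treated as "legitimate hosting services" for raw-paste C2 indirection.
# Only pastebin.com appears on the report; the rest are analyst additions.
PASTE_HOSTS = {"pastebin.com", "paste.ee", "hastebin.com"}

# Capability flags present in the extracted config.
CAPABILITY_FLAGS = ("antivm", "download_payload", "install", "pin_spread", "usb_spread")


def classify_c2(c2_url):
    """Describe the C2 URL: host, path, and whether it is a raw paste used as an indirection."""
    parsed = urlparse(c2_url)
    host = (parsed.hostname or "").lower()
    paste_hosted = host in PASTE_HOSTS and parsed.path.startswith("/raw/")
    return {
        "scheme": parsed.scheme,
        "host": host,
        "path": parsed.path,
        "paste_hosted": paste_hosted,
        # The paste id is the last path component of a raw-paste URL.
        "paste_id": parsed.path.rsplit("/", 1)[-1] if paste_hosted else None,
    }


def summarize_capabilities(cfg):
    """Return the boolean capability flags, defaulting missing ones to False."""
    return {flag: bool(cfg.get(flag)) for flag in CAPABILITY_FLAGS}


def build_indicators(cfg):
    """Network indicators to hunt for: the exact URL plus its host and path."""
    c2 = classify_c2(cfg["c2_url"])
    return {"url": cfg["c2_url"], "host": c2["host"], "path": c2["path"]}


# Constructed proxy log lines for the example: "<timestamp> <src_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = [
    "2024-09-18T10:01:02Z 10.0.0.17 GET https://pastebin.com/raw/q0iUEtJS 200",
    "2024-09-18T10:01:05Z 10.0.0.17 GET https://www.microsoft.com/ 200",
    "2024-09-18T10:02:11Z 10.0.0.23 GET https://pastebin.com/raw/AbCdEf12 200",
    "2024-09-18T10:03:00Z 10.0.0.23 GET https://pastebin.com/ 200",
]


def scan_proxy_log(lines, indicators):
    """Flag exact hits on the configured C2 URL and, more broadly, any raw-paste fetch.

    The broad rule catches other samples or re-pointed configs that use the same
    indirection technique; the exact rule ties a host to this specific sample.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line, skip rather than crash the scan
        ts, src, _method, url, _status = parts[:5]
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host == indicators["host"] and parsed.path == indicators["path"]:
            hits.append({"ts": ts, "src": src, "url": url, "match": "exact_c2_url"})
        elif host in PASTE_HOSTS and parsed.path.startswith("/raw/"):
            hits.append({"ts": ts, "src": src, "url": url, "match": "raw_paste_fetch"})
    return hits


if __name__ == "__main__":
    print("c2:", classify_c2(EXTRACTED_CONFIG["c2_url"]))
    print("capabilities:", summarize_capabilities(EXTRACTED_CONFIG))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, build_indicators(EXTRACTED_CONFIG)):
        print("hit:", hit)
```

The split between an exact-URL rule and a generic raw-paste rule is deliberate: the exact URL identifies hosts touched by this sample, while a plain `GET /raw/<id>` against a paste site from an endpoint that has no business fetching pastes is worth a look on its own, because the paste id changes whenever the operator builds a new client.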

MITRE ATT&CK Enterprise v15

Tasks