limerat | 1c2555c644bccfff0e5565f437e6b6c54dcb3ef5cba5f1dccc702bf179df2cbc | Triage

Sharing

General

Target

f1d2e41f8975a9bc0398b6ae1240a27b_JaffaCakes118
Size

25KB
Sample

240922-md5xksvbnf
MD5

f1d2e41f8975a9bc0398b6ae1240a27b
SHA1

398a0d64048a75a3be2dcc7e1c3a605aab3fb757
SHA256

1c2555c644bccfff0e5565f437e6b6c54dcb3ef5cba5f1dccc702bf179df2cbc
SHA512

9c4bc2556f57732b756f989e55ec6ef98deab1160edc3276c3347cc101048e0fae5ab4ef589f6d8463b02d0d6ff85d92ab47c56418d0d8e1d72b1a4b686f83c5
SSDEEP

384:3E0WnRVhrGmNvpo6faDh9as5QPJp388Pt84kDGlzCTJEUmNY9bro3lcx2YDW:qhL+6i99uPJp3KatNXnY

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Wallets

14dRaUuiR6xkQW6oD9ZQz1vLRDHNsediFi

Attributes

aes_key
retik
antivm
false
c2_url
https://pastebin.com/raw/rtpWLvAD
delay
3
download_payload
false
install
true
install_name
systry.exe
main_folder
AppData
pin_spread
true
sub_folder
\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/rtpWLvAD
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  f1d2e41f8975a9bc0398b6ae1240a27b_JaffaCakes118
- Size
  
  25KB
- MD5
  
  f1d2e41f8975a9bc0398b6ae1240a27b
- SHA1
  
  398a0d64048a75a3be2dcc7e1c3a605aab3fb757
- SHA256
  
  1c2555c644bccfff0e5565f437e6b6c54dcb3ef5cba5f1dccc702bf179df2cbc
- SHA512
  
  9c4bc2556f57732b756f989e55ec6ef98deab1160edc3276c3347cc101048e0fae5ab4ef589f6d8463b02d0d6ff85d92ab47c56418d0d8e1d72b1a4b686f83c5
- SSDEEP
  
  384:3E0WnRVhrGmNvpo6faDh9as5QPJp388Pt84kDGlzCTJEUmNY9bro3lcx2YDW:qhL+6i99uPJp3KatNXnY
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat