limerat | hxxps://gofile[.]io/d/iPa1AU | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-1703-x64

Sharing

General

Target

https://gofile.io/d/iPa1AU
Sample

240929-x8j9gaxdlr

Score

10^/10

limerat discovery ransomware rat

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://gofile.io/d/iPa1AU

Resource

win10-20240404-en

limerat discovery ransomware rat

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

limerat

Attributes

aes_key
123499
antivm
false
c2_url
https://pastebin.com/raw/ZJ0Dhft2
delay
3
download_payload
false
install
false
install_name
Wservices.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/ZJ0Dhft2
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  https://gofile.io/d/iPa1AU
Score

10^/10

limerat discovery ransomware rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Renames multiple (2291) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

limeratdiscoveryransomwarerat

© 2018-2024

Terms | Privacy