General
-
Target
BlackHAT.exe
-
Size
51KB
-
Sample
240930-www7tssglh
-
MD5
d5700c41472c7b4520203ed24422cd86
-
SHA1
6abfc54feaab58a84810f1d1c63bd43b2d8a9192
-
SHA256
297c3bfe34c2c0e7babc29946ff38c985293f2eb0dad98836a5ac340d35c9a77
-
SHA512
46d6037e97bb2587906feaf6e2d20e3abb5b3dcc1bf55767c7976f24ee0da952e3c4b68b29d810901cdbcd6ceee7cd73884cc3dc1a45e2a98ae9d9010ead217d
-
SSDEEP
768:SpMN6RpwdiERAkXL45NyJuKn1pj8hhs1SDdxYu+h7yokbz:SpbpwdTn0ewKnHohm1SDdxYEokbz
Malware Config
Extracted
limerat
-
aes_key
123499
-
antivm
false
-
c2_url
https://pastebin.com/raw/zwppgXcp
-
delay
3
-
download_payload
false
-
install
true
-
install_name
WindowsServices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
true
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/zwppgXcp
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
BlackHAT.exe
-
Size
51KB
-
MD5
d5700c41472c7b4520203ed24422cd86
-
SHA1
6abfc54feaab58a84810f1d1c63bd43b2d8a9192
-
SHA256
297c3bfe34c2c0e7babc29946ff38c985293f2eb0dad98836a5ac340d35c9a77
-
SHA512
46d6037e97bb2587906feaf6e2d20e3abb5b3dcc1bf55767c7976f24ee0da952e3c4b68b29d810901cdbcd6ceee7cd73884cc3dc1a45e2a98ae9d9010ead217d
-
SSDEEP
768:SpMN6RpwdiERAkXL45NyJuKn1pj8hhs1SDdxYu+h7yokbz:SpbpwdTn0ewKnHohm1SDdxYEokbz
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-