limerat | 5a11dc748cb2bf5232448c41ed0c28c6e53bfa5579b76193d5320ebf5b6d6f06 | Triage

Sharing

General

Target

107ef6f0bea41f7c2c758c19cfc18524_JaffaCakes118
Size

62KB
Sample

241003-zv3vrswfnl
MD5

107ef6f0bea41f7c2c758c19cfc18524
SHA1

d8f0377fe62ada0d391edb46913ffd8d34a49e3b
SHA256

5a11dc748cb2bf5232448c41ed0c28c6e53bfa5579b76193d5320ebf5b6d6f06
SHA512

3f977e20e1a0d9ae5159e8c5d843bc03e7b049f19b3ccbb1fc85f0ecb2c4e043175359a785117f7961b1dd76245e5aee1f13a40564a3273b86f7fc30f5dea86d
SSDEEP

1536:LsbHlWt3db3hsHEAtt2HARikJ2ixAe5JmhKh:LMHIlKEAvDAiNUKh

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
root
antivm
false
c2_url
https://pastebin.com/raw/7sALhsP2
delay
3
download_payload
false
install
true
install_name
help.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/7sALhsP2
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  107ef6f0bea41f7c2c758c19cfc18524_JaffaCakes118
- Size
  
  62KB
- MD5
  
  107ef6f0bea41f7c2c758c19cfc18524
- SHA1
  
  d8f0377fe62ada0d391edb46913ffd8d34a49e3b
- SHA256
  
  5a11dc748cb2bf5232448c41ed0c28c6e53bfa5579b76193d5320ebf5b6d6f06
- SHA512
  
  3f977e20e1a0d9ae5159e8c5d843bc03e7b049f19b3ccbb1fc85f0ecb2c4e043175359a785117f7961b1dd76245e5aee1f13a40564a3273b86f7fc30f5dea86d
- SSDEEP
  
  1536:LsbHlWt3db3hsHEAtt2HARikJ2ixAe5JmhKh:LMHIlKEAvDAiNUKh
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2