General
-
Target
62d8ea970a9efd1beee95e835087648f401f1837d28f7ab805c0e75e5432e87d
-
Size
1.1MB
-
Sample
241018-2fhbmatfmq
-
MD5
02142683680b38f68f401846f3a52f65
-
SHA1
157bbe25a752be3b91f2a65d2761b048ed312a36
-
SHA256
62d8ea970a9efd1beee95e835087648f401f1837d28f7ab805c0e75e5432e87d
-
SHA512
f7a10bd9e55c74e0e6f124ab0ad9823379b2ab9f089e21c18fa4e2b2a660363aa51fcd2729c62329c4d2a286d406ea792d37cb599e39cae870d0b3f9da3f467e
-
SSDEEP
6144:BPsHNEssgUq82IvtmxTJLTVpEcejwCDZW9uVRWJ+omWOGZIieG:bmVJLRacsWcG
Static task
static1
Behavioral task
behavioral1
Sample
62d8ea970a9efd1beee95e835087648f401f1837d28f7ab805c0e75e5432e87d.exe
Resource
win7-20241010-en
Malware Config
Extracted
limerat
-
aes_key
Estelionato Digital
-
antivm
false
-
c2_url
https://pastebin.com/raw/ntJXRvq3
-
delay
3
-
download_payload
false
-
install
true
-
install_name
svchost.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\System\
-
usb_spread
true
Targets
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext