limerat | 8c759631933c76157ea4ce9520b728e164a6d2516ed41f468def5cd46c8a2504 | Triage

Sharing

General

Target

772c0f9d4ddd0a97ff5205c1b8657f4b_JaffaCakes118
Size

450KB
Sample

241028-cq6pjaxhkc
MD5

772c0f9d4ddd0a97ff5205c1b8657f4b
SHA1

2e427c313c1906f9b16345fc6b4d472e4ec22d69
SHA256

8c759631933c76157ea4ce9520b728e164a6d2516ed41f468def5cd46c8a2504
SHA512

cf782137712685a8b4111fa4adf9c4e586a31fdcd5ac95cebd6661f5cb95662a0a3c84c6f1760a3a2ba5451caf6be98098b6d59a6aaa8dce33febc5e87d8ad63
SSDEEP

12288:vZ7MJz7bLg0MKhJWmAqLFlVJ0d1QVaJjq:v2eghJWmA6FbcQVaJjq

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
pundek
antivm
false
c2_url
https://pastebin.com/raw/7sALhsP2
delay
3
download_payload
false
install
true
install_name
Secure.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/7sALhsP2
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  772c0f9d4ddd0a97ff5205c1b8657f4b_JaffaCakes118
- Size
  
  450KB
- MD5
  
  772c0f9d4ddd0a97ff5205c1b8657f4b
- SHA1
  
  2e427c313c1906f9b16345fc6b4d472e4ec22d69
- SHA256
  
  8c759631933c76157ea4ce9520b728e164a6d2516ed41f468def5cd46c8a2504
- SHA512
  
  cf782137712685a8b4111fa4adf9c4e586a31fdcd5ac95cebd6661f5cb95662a0a3c84c6f1760a3a2ba5451caf6be98098b6d59a6aaa8dce33febc5e87d8ad63
- SSDEEP
  
  12288:vZ7MJz7bLg0MKhJWmAqLFlVJ0d1QVaJjq:v2eghJWmA6FbcQVaJjq
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat