General

  • Target

    868a9e62c032b2b4549b32413cbbca17_JaffaCakes118

  • Size

    89KB

  • Sample

    241102-vhzkcszkav

  • MD5

    868a9e62c032b2b4549b32413cbbca17

  • SHA1

    86be819fc9c9c8dc435120a5fb6262ae7be70d93

  • SHA256

    e1f1687889454c0e2fc33905898844ffba1816566d96e543128a4d60af25102a

  • SHA512

    38590c14f1d9bb4da3e1f3a8770d1c126c22f5a748aafb728d00d938a739681d78bf16403cd2ecc38c6699e8d7bab63fb12ecf7dc599d80dd342053a83a00c26

  • SSDEEP

    1536:8r8ugkF5Ew/JN1qHd0jy4MjydK5MF1OPklWz01TuSo7EHDyokkIPEDMyF3C4:vwxN1Od0TMjydKk1h40ASo7EHuokkaE3

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/7sALhsP2

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      868a9e62c032b2b4549b32413cbbca17_JaffaCakes118

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Limerat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15