limerat | e65c8b7adef2d900a2041507d873cc2afc0ed5aeaee401823340e635af7a4470 | Triage

Sharing

General

Target

8ca274dbc58ebc02871890568d974f8d_JaffaCakes118
Size

63KB
Sample

241103-vylnfaynet
MD5

8ca274dbc58ebc02871890568d974f8d
SHA1

3aeefa2a74cfa452f7ede84628ccbeccd6112c10
SHA256

e65c8b7adef2d900a2041507d873cc2afc0ed5aeaee401823340e635af7a4470
SHA512

82dc3cf039d75b0c3c92cb4b8ba4bcc911b73f732b08c0d60c186fb73c65a5d391a16b4284ac9b8366254c407158d17b80accfc21c78a5871b396561d4d68fe5
SSDEEP

1536:QCQ1bX2UG2m9mIznhAyVCBjfWLJ2V3kYIjmeQhGBK0zi9:Pa+PNApkYICw+

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
pundek
antivm
false
c2_url
https://pastebin.com/raw/7sALhsP2
delay
3
download_payload
false
install
true
install_name
Secure.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/7sALhsP2
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  8ca274dbc58ebc02871890568d974f8d_JaffaCakes118
- Size
  
  63KB
- MD5
  
  8ca274dbc58ebc02871890568d974f8d
- SHA1
  
  3aeefa2a74cfa452f7ede84628ccbeccd6112c10
- SHA256
  
  e65c8b7adef2d900a2041507d873cc2afc0ed5aeaee401823340e635af7a4470
- SHA512
  
  82dc3cf039d75b0c3c92cb4b8ba4bcc911b73f732b08c0d60c186fb73c65a5d391a16b4284ac9b8366254c407158d17b80accfc21c78a5871b396561d4d68fe5
- SSDEEP
  
  1536:QCQ1bX2UG2m9mIznhAyVCBjfWLJ2V3kYIjmeQhGBK0zi9:Pa+PNApkYICw+
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2