limerat | 066cc1f77311bb6532cd2fe87e20487dd5dac8a2b0749c85ec7b85a03acfc2b2 | Triage

Sharing

General

Target

BLTools 2.5.exe
Size

95KB
Sample

241118-decsrawmet
MD5

ea7e08be1070d80d655c888c706e0f24
SHA1

0a306cf100c098860b2af1afc850e6dc82e9a855
SHA256

066cc1f77311bb6532cd2fe87e20487dd5dac8a2b0749c85ec7b85a03acfc2b2
SHA512

c049e5ad899ea384876f6d01aa2c53738197f569b9383a49d2c6313929afede9fd555dbb4e524976867d6ad6d3cbdc8278efc9ed42ab3065a4a5e2626fccc8c2
SSDEEP

768:Jpv+6fQwT+Jty6X45Nwy1kdpI1Mr6+jN0eSvH9ZcTyrzgEhR2nsCt7CNFd7mic2g:JpPQwT0forrs5RnC9ZcKOsCtKjb+

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Wallets

bc1q0gmdxcfwzc5wnfpk36nmvuyqnuhz775nzlassz

Attributes

aes_key
hakai
antivm
true
c2_url
https://pastebin.com/raw/U2Ffc64v
delay
3
download_payload
false
install
true
install_name
Microsoft.exe
main_folder
AppData
pin_spread
true
sub_folder
\Microsoft\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/U2Ffc64v
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  BLTools 2.5.exe
- Size
  
  95KB
- MD5
  
  ea7e08be1070d80d655c888c706e0f24
- SHA1
  
  0a306cf100c098860b2af1afc850e6dc82e9a855
- SHA256
  
  066cc1f77311bb6532cd2fe87e20487dd5dac8a2b0749c85ec7b85a03acfc2b2
- SHA512
  
  c049e5ad899ea384876f6d01aa2c53738197f569b9383a49d2c6313929afede9fd555dbb4e524976867d6ad6d3cbdc8278efc9ed42ab3065a4a5e2626fccc8c2
- SSDEEP
  
  768:Jpv+6fQwT+Jty6X45Nwy1kdpI1Mr6+jN0eSvH9ZcTyrzgEhR2nsCt7CNFd7mic2g:JpPQwT0forrs5RnC9ZcKOsCtKjb+
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat