General
-
Target
31d7267be9bea428656d5816407f54465874ab19412bb9fc9b6e9ff3ae071fcb
-
Size
886KB
-
Sample
241122-z36avsvqgj
-
MD5
8b637ff4088420db4452d5520dbb5322
-
SHA1
ff4f59e05fc12fcc63152865249fd2201234059c
-
SHA256
31d7267be9bea428656d5816407f54465874ab19412bb9fc9b6e9ff3ae071fcb
-
SHA512
865ad3eef1b9447a142f73918fdb124ceef16c2833ee0915f647d480031e6ce420bf019e94a9b44af693b8d54c7b818eeea5e9e4d8a7bf9e81f69b969a292f0a
-
SSDEEP
24576:4RnVM8ucIfxiCYG1mfo/O91ewJEzJsUKkWHTUzBc790WdTfreNwqBcY1j:+CbqoCQ8dk
Malware Config
Extracted
limerat
-
aes_key
madziaq
-
antivm
false
-
c2_url
https://pastebin.com/raw/wnVQqrBE
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
true
-
sub_folder
\
-
usb_spread
true
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/wnVQqrBE
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
31d7267be9bea428656d5816407f54465874ab19412bb9fc9b6e9ff3ae071fcb
-
Size
886KB
-
MD5
8b637ff4088420db4452d5520dbb5322
-
SHA1
ff4f59e05fc12fcc63152865249fd2201234059c
-
SHA256
31d7267be9bea428656d5816407f54465874ab19412bb9fc9b6e9ff3ae071fcb
-
SHA512
865ad3eef1b9447a142f73918fdb124ceef16c2833ee0915f647d480031e6ce420bf019e94a9b44af693b8d54c7b818eeea5e9e4d8a7bf9e81f69b969a292f0a
-
SSDEEP
24576:4RnVM8ucIfxiCYG1mfo/O91ewJEzJsUKkWHTUzBc790WdTfreNwqBcY1j:+CbqoCQ8dk
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Limerat family
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-