limerat | 2f3d77f926e241f50e090057f76141d62fb66637fdfda6be9d360f154bd7d619 | Triage

Sharing

General

Target

2f3d77f926e241f50e090057f76141d62fb66637fdfda6be9d360f154bd7d619.exe
Size

126KB
Sample

241123-yg5xjasqhv
MD5

2dd2f138d0d9e49bacca639357af4481
SHA1

58c94fae547eaad0a94e0be91782eb2338f21be5
SHA256

2f3d77f926e241f50e090057f76141d62fb66637fdfda6be9d360f154bd7d619
SHA512

4ee82275fa0f9549624e8fbc1deed9e3d59b147584ebf05946bf1672a10551679427cfd67523c34343502bfae57e455ae53e321c8ce81001b930e8605a79deb8
SSDEEP

768:dQI4VAn8vS/r1w6A2j5CGXRFxlz+44duYW0238mB1o6GBDwGsL+8r5Li99Vq7fBm:aax/r1V/5fPW4mud02MTrl8lO9C7pm

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/eQHEgJeL
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  2f3d77f926e241f50e090057f76141d62fb66637fdfda6be9d360f154bd7d619.exe
- Size
  
  126KB
- MD5
  
  2dd2f138d0d9e49bacca639357af4481
- SHA1
  
  58c94fae547eaad0a94e0be91782eb2338f21be5
- SHA256
  
  2f3d77f926e241f50e090057f76141d62fb66637fdfda6be9d360f154bd7d619
- SHA512
  
  4ee82275fa0f9549624e8fbc1deed9e3d59b147584ebf05946bf1672a10551679427cfd67523c34343502bfae57e455ae53e321c8ce81001b930e8605a79deb8
- SSDEEP
  
  768:dQI4VAn8vS/r1w6A2j5CGXRFxlz+44duYW0238mB1o6GBDwGsL+8r5Li99Vq7fBm:aax/r1V/5fPW4mud02MTrl8lO9C7pm
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat