limerat | 46c414d0da7ab1033ae781c9da1a37914cfbc8eba076f1a77887c69d333daea1 | Triage

Sharing

General

Target

New-Client.exe
Size

28KB
Sample

241214-fxxxratnay
MD5

b8813ba4749b8bea32e1ef702ad83c34
SHA1

aa849260f51fe5de7715c7891d2ecdb451d9d64c
SHA256

46c414d0da7ab1033ae781c9da1a37914cfbc8eba076f1a77887c69d333daea1
SHA512

0dee9b0cb061feabf7e19b680da7c937bbb579a372b0cc2c8835124f64488d19bfba7f6f92145e0aaca64ad28f4b9371e89e89e0380821f89c5d1273567df1f5
SSDEEP

768:3pe26nrwtRohTa8X345NjiQshjED80DPAgj:3pGrwtRodzIPBshjEDtcg

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
ashhook123
antivm
false
c2_url
https://pastebin.com/raw/aNRufvVn
delay
40
download_payload
false
install
true
install_name
svhost.exe
main_folder
AppData
pin_spread
false
sub_folder
\Sys\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/aNRufvVn
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  New-Client.exe
- Size
  
  28KB
- MD5
  
  b8813ba4749b8bea32e1ef702ad83c34
- SHA1
  
  aa849260f51fe5de7715c7891d2ecdb451d9d64c
- SHA256
  
  46c414d0da7ab1033ae781c9da1a37914cfbc8eba076f1a77887c69d333daea1
- SHA512
  
  0dee9b0cb061feabf7e19b680da7c937bbb579a372b0cc2c8835124f64488d19bfba7f6f92145e0aaca64ad28f4b9371e89e89e0380821f89c5d1273567df1f5
- SSDEEP
  
  768:3pe26nrwtRohTa8X345NjiQshjED80DPAgj:3pGrwtRodzIPBshjEDtcg
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat