General

  • Target

    f4fed73c155c991c6ba83b29d22da129_JaffaCakes118

  • Size

    87KB

  • Sample

    241215-vyrvfsspdr

  • MD5

    f4fed73c155c991c6ba83b29d22da129

  • SHA1

    67f9c744160d5fc172b4669a3007f6d81470728c

  • SHA256

    9ab7c4dfaec873975834c840cb6b5dbe17bf36368a74a333481a121fc32130b0

  • SHA512

    992ed4d4f59eb64abb054ea8baf33107452b58603d7d9b2cc29ee7d642320aca0b2cd00c0bcd2a6d4dc5df5f19dd97e98856560222e11e200d5b8a0379b407ef

  • SSDEEP

    1536:ZWxBV0pe0LfsabYkCsl4y96J2J/1E9PjC0W0MBnbpzih8j0/F5LgFWoLZlRCaoOW:ZWxBB0QaIckAYJpM/k8jCHWlRCawjWM

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/7sALhsP2

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      f4fed73c155c991c6ba83b29d22da129_JaffaCakes118

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Limerat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
