limerat | d3baaba5daf71d089975533a5e747676c1cdc899dfbbc4e19d1a4fab4c724409 | Triage

Resubmissions

15-12-2024 19:45

241215-ygwzmawnhj 10

15-12-2024 19:41

241215-yeeybsvjgw 10

Sharing

General

Target

f57649ba6969ed33fbe74f75acc2c73c_JaffaCakes118
Size

88KB
Sample

241215-ygwzmawnhj
MD5

f57649ba6969ed33fbe74f75acc2c73c
SHA1

6f02aeccf05d5db7c7c1eb477f684d692a1a9c65
SHA256

d3baaba5daf71d089975533a5e747676c1cdc899dfbbc4e19d1a4fab4c724409
SHA512

a2886be55e1836cefc32d8799669d8a51b892c90db6fae94e79c3817875f2def6cd850b9317c1bf28b2a52c595583610e31e3898f422136ed52f0946e011f23f
SSDEEP

1536:Ln6+rkHM0ZdBTuCgzEfsVwSJ8jXcLJ2mLoFzuNQ9AIV8zwSrL8RYzRdvBxZTpE5H:7vrkHzJTuCgzBJJAmLG7/6MRYBBxxpEd

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/7sALhsP2
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  f57649ba6969ed33fbe74f75acc2c73c_JaffaCakes118
- Size
  
  88KB
- MD5
  
  f57649ba6969ed33fbe74f75acc2c73c
- SHA1
  
  6f02aeccf05d5db7c7c1eb477f684d692a1a9c65
- SHA256
  
  d3baaba5daf71d089975533a5e747676c1cdc899dfbbc4e19d1a4fab4c724409
- SHA512
  
  a2886be55e1836cefc32d8799669d8a51b892c90db6fae94e79c3817875f2def6cd850b9317c1bf28b2a52c595583610e31e3898f422136ed52f0946e011f23f
- SSDEEP
  
  1536:Ln6+rkHM0ZdBTuCgzEfsVwSJ8jXcLJ2mLoFzuNQ9AIV8zwSrL8RYzRdvBxZTpE5H:7vrkHzJTuCgzBJJAmLG7/6MRYBBxxpEd
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1