General

  • Target

    fc3188bfa4da55b7e78f660706ea32df_JaffaCakes118

  • Size

    89KB

  • Sample

    241218-tdqk8avpem

  • MD5

    fc3188bfa4da55b7e78f660706ea32df

  • SHA1

    75ad73a0b989c37f9d4383d58ba522eaad102997

  • SHA256

    a3f99ddf20c41214826e9a43b83326ddd5957a71f383e250a256c61b83378a11

  • SHA512

    8ea21e66c1f8c5a7acbb26ddb6daf66d57e5fe218f612b669d2938488ba6715142f2fe564b75c5eedbc7bede46a2d0a05d6f99a0afec0fd967cfdfeb2a996e9d

  • SSDEEP

    1536:XRWy1jFD5Ew/JN1qHd0jy4MjydK5MF1OPklWz01TuSo7EHDyokkIPEDMy6ur:n5txN1Od0TMjydKk1h40ASo7EHuokkay

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/7sALhsP2

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      fc3188bfa4da55b7e78f660706ea32df_JaffaCakes118

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Limerat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
