limerat | c9e846a5e8b50d5c767f48c53e2b6d9ae21cdfa3093de461b1a6fa5b18a5b368 | Triage

Sharing

General

Target

fc497d00a5a6e5ac881ae0b2464792d1_JaffaCakes118
Size

87KB
Sample

241218-tymp3avlhz
MD5

fc497d00a5a6e5ac881ae0b2464792d1
SHA1

bad62ec1c95a1c3ef9eb7673da72af985a26738a
SHA256

c9e846a5e8b50d5c767f48c53e2b6d9ae21cdfa3093de461b1a6fa5b18a5b368
SHA512

f0a1b7fb4aeabfcfbdc3003a7a07dff48fc2f24946410682ea1ef0ae340d3637243f1a004c3c7f2bcf5f30ca9152ab4a689420d1356125554615aab0acb67866
SSDEEP

1536:GaV40mHKRDh5OMiZM2wrfQw7J2GS4sjvgtCwi3g/Wstk0JmDfzv6ioa6e:GaV4Xqxuu2wkSAGxo3gaivpY

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/7sALhsP2
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  fc497d00a5a6e5ac881ae0b2464792d1_JaffaCakes118
- Size
  
  87KB
- MD5
  
  fc497d00a5a6e5ac881ae0b2464792d1
- SHA1
  
  bad62ec1c95a1c3ef9eb7673da72af985a26738a
- SHA256
  
  c9e846a5e8b50d5c767f48c53e2b6d9ae21cdfa3093de461b1a6fa5b18a5b368
- SHA512
  
  f0a1b7fb4aeabfcfbdc3003a7a07dff48fc2f24946410682ea1ef0ae340d3637243f1a004c3c7f2bcf5f30ca9152ab4a689420d1356125554615aab0acb67866
- SSDEEP
  
  1536:GaV40mHKRDh5OMiZM2wrfQw7J2GS4sjvgtCwi3g/Wstk0JmDfzv6ioa6e:GaV4Xqxuu2wkSAGxo3gaivpY
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2