Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
New-Client.exe
-
Size
28KB
-
Sample
241227-3ld2tsslgp
-
MD5
61a2b17f672f3acf54b7013f8a9e092c
-
SHA1
2ae9498d0e8aca337ad32c92c0e54b0e4afd1dfe
-
SHA256
e4e8159b917a569b84b0397df1c7e133bbb58f4f632bdafa939cc164afe0e8d0
-
SHA512
e6fdfa98dfd24f08770803d3eec60886bd93826df21a632073e53f27110518a6330d0d93a45b6b9dbef148b4740ba72659ed3aaceec7e54762ab3d86be89a0f0
-
SSDEEP
768:5piI6h5w9azdfpAY45NyPChGy1sEhwGxMj:5pW5w92SlePCb1Xi
Malware Config
Extracted
limerat
-
aes_key
1234
-
antivm
true
-
c2_url
https://pastebin.com/raw/DDTVwwbu
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
true
-
sub_folder
\
-
usb_spread
true
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/DDTVwwbu
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
New-Client.exe
-
Size
28KB
-
MD5
61a2b17f672f3acf54b7013f8a9e092c
-
SHA1
2ae9498d0e8aca337ad32c92c0e54b0e4afd1dfe
-
SHA256
e4e8159b917a569b84b0397df1c7e133bbb58f4f632bdafa939cc164afe0e8d0
-
SHA512
e6fdfa98dfd24f08770803d3eec60886bd93826df21a632073e53f27110518a6330d0d93a45b6b9dbef148b4740ba72659ed3aaceec7e54762ab3d86be89a0f0
-
SSDEEP
768:5piI6h5w9azdfpAY45NyPChGy1sEhwGxMj:5pW5w92SlePCb1Xi
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Limerat family
-
Legitimate hosting services abused for malware hosting/C2
-