limerat | db98339871559b86da0d442803cc11f1a8e7514fe0008ad85a354fe97e977f46 | Triage

Sharing

General

Target

JaffaCakes118_1a669cd4cd5a411751ea402f18f5cd74
Size

126KB
Sample

250106-kw9mdasmav
MD5

1a669cd4cd5a411751ea402f18f5cd74
SHA1

e25b5bfc127147425a04a1fc553d12a1235814f6
SHA256

db98339871559b86da0d442803cc11f1a8e7514fe0008ad85a354fe97e977f46
SHA512

26f87e1815a824f589f1d4f4adf6f6fb417e68e8b03c4c8725ff3fff3a21ee357dbbed76a10d5bb59ad7304b4ed124f0c1f62bf704e5bf0072989933f550a0c2
SSDEEP

768:dQI4VAn8vS/r1w6A2j5CGXRFxlz+44duYW0238mB1o6GBDwGsL+8r5Li99Vq7fBN:aax/r1V/5fPW4mud02MTrl8lO9C7p

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/eQHEgJeL
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  JaffaCakes118_1a669cd4cd5a411751ea402f18f5cd74
- Size
  
  126KB
- MD5
  
  1a669cd4cd5a411751ea402f18f5cd74
- SHA1
  
  e25b5bfc127147425a04a1fc553d12a1235814f6
- SHA256
  
  db98339871559b86da0d442803cc11f1a8e7514fe0008ad85a354fe97e977f46
- SHA512
  
  26f87e1815a824f589f1d4f4adf6f6fb417e68e8b03c4c8725ff3fff3a21ee357dbbed76a10d5bb59ad7304b4ed124f0c1f62bf704e5bf0072989933f550a0c2
- SSDEEP
  
  768:dQI4VAn8vS/r1w6A2j5CGXRFxlz+44duYW0238mB1o6GBDwGsL+8r5Li99Vq7fBN:aax/r1V/5fPW4mud02MTrl8lO9C7p
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat