limerat | 2eb7543933227aea5c8432e24eb7cafbea7089a9ed23ceb7437dd6e7e1913eca | Triage

Sharing

General

Target

JaffaCakes118_526b9ff4e1ec9ad0e87a2a5f566e9821
Size

64KB
Sample

250107-g3682syjcz
MD5

526b9ff4e1ec9ad0e87a2a5f566e9821
SHA1

154ec3ca9156d621cbacd3823113652768086550
SHA256

2eb7543933227aea5c8432e24eb7cafbea7089a9ed23ceb7437dd6e7e1913eca
SHA512

4814398737cb7c36a6a95599e432c74702308ca18bffe735cdbb55a57258cc68aabff6b7e8cc7b9f97e1e07246f02fd3e9c80191a92e11133b1c3551a699566f
SSDEEP

1536:rds4ft+QDwpbn0GOQ53f+bxJ2uCqkRoUyfM:TdA0GfYVAuCzNyk

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
killisrael
antivm
false
c2_url
https://pastebin.com/raw/v9J7B6vz
delay
3
download_payload
false
install
true
install_name
killisrael.exe
main_folder
Temp
pin_spread
false
sub_folder
\
usb_spread
false

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/v9J7B6vz
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  JaffaCakes118_526b9ff4e1ec9ad0e87a2a5f566e9821
- Size
  
  64KB
- MD5
  
  526b9ff4e1ec9ad0e87a2a5f566e9821
- SHA1
  
  154ec3ca9156d621cbacd3823113652768086550
- SHA256
  
  2eb7543933227aea5c8432e24eb7cafbea7089a9ed23ceb7437dd6e7e1913eca
- SHA512
  
  4814398737cb7c36a6a95599e432c74702308ca18bffe735cdbb55a57258cc68aabff6b7e8cc7b9f97e1e07246f02fd3e9c80191a92e11133b1c3551a699566f
- SSDEEP
  
  1536:rds4ft+QDwpbn0GOQ53f+bxJ2uCqkRoUyfM:TdA0GfYVAuCzNyk
Score

10^/10

limerat rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2