General
-
Target
JaffaCakes118_526b9ff4e1ec9ad0e87a2a5f566e9821
-
Size
64KB
-
Sample
250107-g3682syjcz
-
MD5
526b9ff4e1ec9ad0e87a2a5f566e9821
-
SHA1
154ec3ca9156d621cbacd3823113652768086550
-
SHA256
2eb7543933227aea5c8432e24eb7cafbea7089a9ed23ceb7437dd6e7e1913eca
-
SHA512
4814398737cb7c36a6a95599e432c74702308ca18bffe735cdbb55a57258cc68aabff6b7e8cc7b9f97e1e07246f02fd3e9c80191a92e11133b1c3551a699566f
-
SSDEEP
1536:rds4ft+QDwpbn0GOQ53f+bxJ2uCqkRoUyfM:TdA0GfYVAuCzNyk
Malware Config
Extracted
limerat
-
aes_key
killisrael
-
antivm
false
-
c2_url
https://pastebin.com/raw/v9J7B6vz
-
delay
3
-
download_payload
false
-
install
true
-
install_name
killisrael.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/v9J7B6vz
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
JaffaCakes118_526b9ff4e1ec9ad0e87a2a5f566e9821
-
Size
64KB
-
MD5
526b9ff4e1ec9ad0e87a2a5f566e9821
-
SHA1
154ec3ca9156d621cbacd3823113652768086550
-
SHA256
2eb7543933227aea5c8432e24eb7cafbea7089a9ed23ceb7437dd6e7e1913eca
-
SHA512
4814398737cb7c36a6a95599e432c74702308ca18bffe735cdbb55a57258cc68aabff6b7e8cc7b9f97e1e07246f02fd3e9c80191a92e11133b1c3551a699566f
-
SSDEEP
1536:rds4ft+QDwpbn0GOQ53f+bxJ2uCqkRoUyfM:TdA0GfYVAuCzNyk
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Limerat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-