limerat | 8d6cb11ba8ff156054a0b2f68f424d033196e154e5bef124535ae36f4bd16f2f | Triage

Sharing

General

Target

JaffaCakes118_5fc1365c4551eaa96e69d7b71a3eacff
Size

1.7MB
Sample

250107-neacqs1jfj
MD5

5fc1365c4551eaa96e69d7b71a3eacff
SHA1

d423ee067f56c0513cbfc501118f4be00260d3e7
SHA256

8d6cb11ba8ff156054a0b2f68f424d033196e154e5bef124535ae36f4bd16f2f
SHA512

2f319691258e42d1ce29e736c791b4aa7d702bc067ea7afdfef12a1298f16fc8ddc87f41651b2872a38ce58dc804bb2a6edd96d58152504bcae297fe3c6f581f
SSDEEP

49152:JvKmKy0STrb/TtvO90dL3BmAFd4A64nsfJQFMgTR55IXRuz1:Jvo4zPP

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
49H8Kbf15JFN2diG5evGHA5G49qhgFBuDid86z3MKxTv59dcqySCzFWUL3SgsEk2SufzTziHp3UE5P8BatwuyFuv1bBKQw2
antivm
true
c2_url
https://pastebin.com/raw/pGEgCZKs
delay
3
download_payload
false
install
true
install_name
kick_09.exe
main_folder
Temp
pin_spread
true
sub_folder
\01\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/pGEgCZKs
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  JaffaCakes118_5fc1365c4551eaa96e69d7b71a3eacff
- Size
  
  1.7MB
- MD5
  
  5fc1365c4551eaa96e69d7b71a3eacff
- SHA1
  
  d423ee067f56c0513cbfc501118f4be00260d3e7
- SHA256
  
  8d6cb11ba8ff156054a0b2f68f424d033196e154e5bef124535ae36f4bd16f2f
- SHA512
  
  2f319691258e42d1ce29e736c791b4aa7d702bc067ea7afdfef12a1298f16fc8ddc87f41651b2872a38ce58dc804bb2a6edd96d58152504bcae297fe3c6f581f
- SSDEEP
  
  49152:JvKmKy0STrb/TtvO90dL3BmAFd4A64nsfJQFMgTR55IXRuz1:Jvo4zPP
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat