General
Target: New-Client.exe
Size: 29KB
Sample: 250107-ye2r4awjas
MD5: 1996761e16c80a70da416fb36f45efa9
SHA1: b5aa8d0e8e011b53540c7bd285ca0b920f4b9748
SHA256: e52b7e0775ff590cb5d184caadd53decc01d3a62d8ede7823dd7243d5f57d477
SHA512: 5a61da0d524dd52f9098cb1cf23f0c7935475af821d719b8673f777dcbb9a3e17107a9dbf168b393372787f69c0226146a50df8fc84bb1eb568bcc775575af85
SSDEEP: 384:XB+Sbj6NK2fa6JBAHN8M0hqDS5QzKvDKNrCeJE3WNgXyVgOCHoWBQro3lcDlsjr:xp2S6JBwNI5QzI45NsogOCHoWh/j
Malware Config
Extracted
limerat
aes_key: 3455ttyhthhgh
antivm: false
c2_url: https://pastebin.com/raw/uqhR5Ld1
delay: 3
download_payload: false
install: false
install_name: Wservices.exe
main_folder: Temp
pin_spread: false
sub_folder: \
usb_spread: false
Extracted
limerat
antivm: false
c2_url: https://pastebin.com/raw/uqhR5Ld1
download_payload: false
install: false
pin_spread: false
usb_spread: false
Targets
Target: New-Client.exe
Size: 29KB
Limerat family
Legitimate hosting services abused for malware hosting/C2