Analysis
-
max time kernel
297s -
max time network
299s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
07-01-2025 19:42
General
-
Target
New-Client.exe
-
Size
29KB
-
MD5
1996761e16c80a70da416fb36f45efa9
-
SHA1
b5aa8d0e8e011b53540c7bd285ca0b920f4b9748
-
SHA256
e52b7e0775ff590cb5d184caadd53decc01d3a62d8ede7823dd7243d5f57d477
-
SHA512
5a61da0d524dd52f9098cb1cf23f0c7935475af821d719b8673f777dcbb9a3e17107a9dbf168b393372787f69c0226146a50df8fc84bb1eb568bcc775575af85
-
SSDEEP
384:XB+Sbj6NK2fa6JBAHN8M0hqDS5QzKvDKNrCeJE3WNgXyVgOCHoWBQro3lcDlsjr:xp2S6JBwNI5QzI45NsogOCHoWh/j
Malware Config
Extracted
limerat
-
aes_key
3455ttyhthhgh
-
antivm
false
-
c2_url
https://pastebin.com/raw/uqhR5Ld1
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/uqhR5Ld1
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Signatures
-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Limerat family
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\New-Client.exe"C:\Users\Admin\AppData\Local\Temp\New-Client.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
48KB
-
Filesize
624KB
-
Filesize
408KB
-
Filesize
7.7MB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
7.7MB