limerat | d35b0d4acf25550d2fdb234dfc4fc04443014ffb2237f1949d1dd348d0aa44d0 | Triage

Sharing

General

Target

JaffaCakes118_958fcc601c2a017436e7acd4d31697a6
Size

124KB
Sample

250108-karvfatrcq
MD5

958fcc601c2a017436e7acd4d31697a6
SHA1

c399333efba23754949cb4d73334761f6cb6ef2d
SHA256

d35b0d4acf25550d2fdb234dfc4fc04443014ffb2237f1949d1dd348d0aa44d0
SHA512

09f042016c16e0c2356e645040215bebb715f180663528d13ff279fddb2c643fae4c899c1be7b05341978281f596d159e6efbb7afa4e8e96666d7842ab67d366
SSDEEP

768:OAYDnxwVhDnVMcW9/Bpl6iOQSieEL3gvWw296lzrU22o5Qe3R5uRAUgwBV6:hCxwrnVM/BxODCLQ6k5H3nwg

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/eQHEgJeL
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  JaffaCakes118_958fcc601c2a017436e7acd4d31697a6
- Size
  
  124KB
- MD5
  
  958fcc601c2a017436e7acd4d31697a6
- SHA1
  
  c399333efba23754949cb4d73334761f6cb6ef2d
- SHA256
  
  d35b0d4acf25550d2fdb234dfc4fc04443014ffb2237f1949d1dd348d0aa44d0
- SHA512
  
  09f042016c16e0c2356e645040215bebb715f180663528d13ff279fddb2c643fae4c899c1be7b05341978281f596d159e6efbb7afa4e8e96666d7842ab67d366
- SSDEEP
  
  768:OAYDnxwVhDnVMcW9/Bpl6iOQSieEL3gvWw296lzrU22o5Qe3R5uRAUgwBV6:hCxwrnVM/BxODCLQ6k5H3nwg
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat