General

  • Target

    JaffaCakes118_ad06f960c187a89ec33dd551ce97365c

  • Size

    90KB

  • Sample

    250108-z4n3zawmhk

  • MD5

    ad06f960c187a89ec33dd551ce97365c

  • SHA1

    06eb142708364b293dba46b8999730b31d0192c1

  • SHA256

    74dc53f8bf55dcc17852e5b623dc957ed83ba21b09e3c0630bb313cde14988ac

  • SHA512

    af40c2feb1f8862831f0776ddfbfef07622bd362f727178e05ef42a4c33e141649cafa644195e72bf562e447badd909ac0a28c51c71cfbd3a27bd65567725deb

  • SSDEEP

    1536:j18S+HEBWbsocH3jLUJL4ySLtRvhaOzh4O9h6h91XvDldwCef:3+kkY0JLl6tGE4kh6hLl

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/UdLDJHDy

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      JaffaCakes118_ad06f960c187a89ec33dd551ce97365c

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Limerat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
