limerat | a6927bd04276913b77a3a3d34ed38b8e6f8d2e94c8aacb0a7c5e8f8e3510bb3e | Triage

Sharing

General

Target

CandyDDoser-15.4.1-relase.exe
Size

48KB
Sample

250126-jp628sxngm
MD5

a6afa66b8e30978a4332ce1eccfea5d4
SHA1

6c1cd4bd94511bfd5a9077647f7997c199bafaf5
SHA256

a6927bd04276913b77a3a3d34ed38b8e6f8d2e94c8aacb0a7c5e8f8e3510bb3e
SHA512

5851a1359ad23d851d59a28f3fda93a6bb25daf5dfc1c2c7f6a2f71f9a12bfe62c7420f94aa33fa298a02e0c2e4b3c37e5732fab9a48352a81f2bb9a98d444fe
SSDEEP

768:KpgO6PTwdAxZdEayM45NtP0/JCGjDYSvsMMq6n81i9UL5HdwYw:KpATwdM6LxBwHfYNMMq62i9EH

Score

10^/10

limerat discovery rat

Malware Config

Extracted

Family

limerat

Attributes

aes_key
ewewasdgh
antivm
true
c2_url
https://pastebin.com/raw/hj9UaNnk
delay
3
download_payload
false
install
true
install_name
CandyDDoser-15.4.1-relase.exe
main_folder
AppData
pin_spread
true
sub_folder
\VoiceMod\
usb_spread
true

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/hj9UaNnk
download_payload
false
install
false
pin_spread
false
usb_spread
false

Targets

- Target
  
  CandyDDoser-15.4.1-relase.exe
- Size
  
  48KB
- MD5
  
  a6afa66b8e30978a4332ce1eccfea5d4
- SHA1
  
  6c1cd4bd94511bfd5a9077647f7997c199bafaf5
- SHA256
  
  a6927bd04276913b77a3a3d34ed38b8e6f8d2e94c8aacb0a7c5e8f8e3510bb3e
- SHA512
  
  5851a1359ad23d851d59a28f3fda93a6bb25daf5dfc1c2c7f6a2f71f9a12bfe62c7420f94aa33fa298a02e0c2e4b3c37e5732fab9a48352a81f2bb9a98d444fe
- SSDEEP
  
  768:KpgO6PTwdAxZdEayM45NtP0/JCGjDYSvsMMq6n81i9UL5HdwYw:KpATwdM6LxBwHfYNMMq62i9EH
Score

10^/10

limerat discovery rat
- LimeRAT
  Simple yet powerful RAT for Windows machines written in .NET.
  rat limerat
- Limerat family
  limerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

limeratdiscoveryrat

behavioral2

limeratdiscoveryrat