General

  • Target

    TRY.exe

  • Size

    28KB

  • Sample

    200731-b1tyqdhbex

  • MD5

    ec828127c3d3d6037a22a729f410e079

  • SHA1

    d39f6c1cc851cb91b5f10f0004c20aca07578fdd

  • SHA256

    3dff78186451d97e6c3403b885ffb148cc7130b2b787b915041c7363feb74c68

  • SHA512

    7bda81acda82a155278bae3403ab8e9f180a7785db9ee4aafeaeffc9094f23f3c9c36633b30683af408049d85b648b9beae6c4cb7ab81825b635a08c87b19ada

Score
10/10

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    12345

  • antivm

    false

  • c2_url

    https://pastebin.com/raw/hUxcYmeR

  • delay

    3

  • download_payload

    false

  • install

    true

  • install_name

    Wservices.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    true

Targets

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Discovery

  • System Information Discovery (T1082): 1

Command and Control

  • Web Service (T1102): 1
