MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 289a899e650426588b020e4f4b9159b40a9ae2c06c89db166f51f55d8a4f57e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LimeRAT


Vendor detections: 4



SHA256 hash: 289a899e650426588b020e4f4b9159b40a9ae2c06c89db166f51f55d8a4f57e9
SHA3-384 hash: 9e3d8e755c008b73719767e5ba4e26a5b4d86b613a2819d01494d2f3996b1ef3bc27d8a6fef274e1d37d667a63811664
SHA1 hash: d8198dbc75c1c03fcbbbed4e1cbf0fc30b602437
MD5 hash: be8f33fe0e26d1c0b322812ced0f7592
humanhash: robert-zulu-nevada-victor
File name: 289a899e650426588b020e4f4b9159b40a9ae2c06c89db166f51f55d8a4f57e9
Signature: LimeRAT
File size: 1'069'056 bytes
First seen: 2020-06-16 09:30:29 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 88381b84da56810b869e897e6d45bd58 (10 x XFilesStealer, 1 x LimeRAT)
ssdeep: 24576:8Vh9rzI6vMnz1/qYeqZqBEzyM8YUARlNFf1AHJNaVfJLh88Ht:8V/zIOMn5yq0EzyMNrWgth88Ht
Threatray: 664 similar samples on MalwareBazaar
TLSH: BA357CC3ABE640BDD65A69F61173132FEF728A1A031291D797E47C82E5903D1B7392C2
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injuke
Status: Malicious
First seen: 2020-06-15 00:41:00 UTC
File Type: PE (Exe)
Extracted files: 8
AV detection: 17 of 28 (60.71%)
Threat level: 5/5
Result
Malware family: limerat
Score: 10/10
Tags: persistence, rat, family:limerat
Behaviour
Modifies registry key
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Adds Run entry to start application
Legitimate hosting services abused for malware hosting/C2
Loads dropped DLL
Executes dropped EXE
LimeRAT
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments