MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a31c332dfb8714bc0c66300102fa84ee54a4027ed40e2c7082957abb431c34e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LimeRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a31c332dfb8714bc0c66300102fa84ee54a4027ed40e2c7082957abb431c34e
SHA3-384 hash: 5319bc3d65fc2f7f9c751cc23024c2c3e98d90a2a00b09ead75285b24b6a862442788c4e7a02d86ad95da4a769b644bc
SHA1 hash: b07588a51b139a8eecc665c63ba9c1e223c35fc3
MD5 hash: d258e1301542ac20ec4f82f8a4122b6b
humanhash: blossom-romeo-equal-stream
File name:file
Download: download sample
Signature LimeRAT
Create hunting rule
File size:29'696 bytes
First seen:2020-02-27 13:37:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 384:WB+Sbj6NKh5U637AHtjL1qDhTi1E4r7Wc8vDKNrCeJE3WNgfKLHNqeA5q0dgQroO:Mphm637wtCTjaWcy45NVHNqeZuj
Threatray 89 similar samples on MalwareBazaar
TLSH 29D25D107BE09345D39C1AB50E71A2260EB1DA1BB93BFB6D0CC554931E6BED18784BE2
Reporter johannes
Tags:LimeRAT


Avatar
viql
limerat via https://pastebin.com/raw/Lj2UbfQJ

Intelligence

File Origin
# of uploads :
1
# of downloads :
997
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Barys-6836745-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Limerat
Create hunting rule
Status:
Malicious
First seen:
2020-02-26 14:57:00 UTC
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=riy4gmw7xbyuxqggmmabal5ij3suuqbh5vaofryiffl2xnbrynha._file
Verdict:
suspicious
Similar samples:
258475fb4d0c7c39b4d702172b78d67fc9223792061729543c97d0950c396b5e
LimeRAT
2fbbe88ec8eff9ff1b939dd340ebb0fe74e60abf958f55b7044ad87dc426cd08
LimeRAT
3dff78186451d97e6c3403b885ffb148cc7130b2b787b915041c7363feb74c68
LimeRAT
4adcc73ce3501f990fc95bfb0ebca1a4ca61054b137a34c7bc9435cfdd2b7f6a
LimeRAT
4b6226b41a638ea48776cb12ed1ae05b312c7a0d7d8546c13c80c4c2e039cc29
LimeRAT
7952bdc31aff90112f8b774602374bec264496134716b132cfbc832107fd15fe
LimeRAT
843097123a40e1442b2f08ce9c77ebc909a3e77e1ea3b6f21981a579ab2ea9be
LimeRAT
99b68453c0fe9b7440b10cbc6a839d8046819ae73a2ef9ca5b712e655e1416f7
LimeRAT
af14ffe4c3aa39dd8b219ca3cf1757492183c5ac069b507a1d36bb4430057582
LimeRAT
e513eb020887dd56e85e55803b1afccb24ae116380947993da2e88a71e97be14
LimeRAT
+ 79 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1cnxt8kx4e/
Behaviour
Suspicious use of AdjustPrivilegeToken
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8a31c332dfb8714bc0c66300102fa84ee54a4027ed40e2c7082957abb431c34e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments