MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b210acdf6c35d38e7906b12cd12fbe21ef83fd15cb06a3daff8d0bdd7e4a7b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LimeRAT


Vendor detections: 4


Intelligence 4 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b210acdf6c35d38e7906b12cd12fbe21ef83fd15cb06a3daff8d0bdd7e4a7b2
SHA3-384 hash: 4442dd9081a17d72b31b610c5ce2e17e4b1c3d0007d584d0a239ef410c45a5c4272750228a3dbb56f7dcd156ff487e8c
SHA1 hash: 7342a27c4f8da945109bf490e3d8bd4719d2955a
MD5 hash: a466d03cb31322d1f8365124eef9d79c
humanhash: pasta-six-princess-burger
File name:a466d03cb31322d1f8365124eef9d79c
Download: download sample
Signature LimeRAT
Create hunting rule
File size:303'104 bytes
First seen:2020-11-17 15:36:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 3072:WHhUwJGjweDp3l5Vcb1pl1HWmBlHZ74rwvxv+qFDPbolfIpmRZtBu:Wsjwe13l5VC1FWmB77vxv+qFDwnZtB
TLSH 0F5466DE22F1205FD11985B09D99AFE06550EC797B52C316BC42FCDEAE353E688221F2
Reporter seifreed
Tags:LimeRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
611
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Creating a window
DNS request
Sending a custom TCP request
Setting a single autorun event
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b210acdf6c35d38e7906b12cd12fbe21ef83fd15cb06a3daff8d0bdd7e4a7b2/
Threat name:
ByteCode-MSIL.Trojan.Quasar
Create hunting rule
Status:
Malicious
First seen:
2020-11-06 00:23:00 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Unpacked files
SH256 hash:
1b210acdf6c35d38e7906b12cd12fbe21ef83fd15cb06a3daff8d0bdd7e4a7b2
MD5 hash:
a466d03cb31322d1f8365124eef9d79c
SHA1 hash:
7342a27c4f8da945109bf490e3d8bd4719d2955a
Link:
https://www.unpac.me/results/88fbceb4-43e2-4b29-8613-1977a1615afc/
SH256 hash:
79243bc7d5809322d4bb6286496db1711b239a17cfacfb158c6a6e5b91e57bb5
MD5 hash:
67e49231a7da6e0665d2b6510f7932f8
SHA1 hash:
22fba7336a9a804b0607c5a05e708ac753f5f4cb
Link:
https://www.unpac.me/results/88fbceb4-43e2-4b29-8613-1977a1615afc/
SH256 hash:
7c60e4e8379ed1b97e14ddc41217dfe16d68ab7895956d47801cd60745f766f8
MD5 hash:
2cb688d0782e1922bfa7754b45ef1acf
SHA1 hash:
c69301b424b9203a78aca78e5c39b52980956d76
Link:
https://www.unpac.me/results/88fbceb4-43e2-4b29-8613-1977a1615afc/
SH256 hash:
dc95d238ae26c35dec462510483c53c2d6b5eed1fad9137e7b46a8e3d8ea5b77
MD5 hash:
a9033473be69551bce8497be223d1ce6
SHA1 hash:
e38449fb533d21909b7b7fe142bfcd9b5ab24807
Link:
https://www.unpac.me/results/88fbceb4-43e2-4b29-8613-1977a1615afc/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_LimeRAT
Create hunting rule
Author:abuse.ch
Rule name:MALWARE_Win_LimeRAT
Create hunting rule
Author:ditekshen
Description:LimeRAT payload

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments