MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 302dae63587747056fc6438d04aa984fcadea09d2c7ce7bf7ebeb9e3b8798106. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LimeRAT

Vendor detections: 7



SHA256 hash: 302dae63587747056fc6438d04aa984fcadea09d2c7ce7bf7ebeb9e3b8798106
SHA3-384 hash: 10d5536d58dcfe0596a70b0725c389196d242fbb21d52672c3f749bf7eb71271377e88cd6ffd81d7c4a891d784f8d525
SHA1 hash: 48e14eb9b9fb3a8d5ffc3c3d3456562c3ac5fb17
MD5 hash: 48390513a0096f95fe18ba96582305e5
humanhash: rugby-california-carolina-tennis
File name: E9uWcU7Y.exe
Signature: LimeRAT
File size: 29'184 bytes
First seen: 2020-09-28 18:32:20 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 384:PB+Sbj6NK2fv6ZRAHN8A+qD/hUlA/8vDKNrCeJE3WNgGuGOx64pGVlBcQro3lcYr:pp2H6ZRwNFi6/y45NiBsDVl8Nj
Threatray: 18 similar samples on MalwareBazaar
TLSH: C7D26D1477E19345D3DD1AB60F7162190FB1DA07A93BFF2D0CC960971AA7EC18A84ED2
Reporter: pmelson
Tags: exe Lime-RAT LimeRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 832
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Using the Windows Management Instrumentation requests
Creating a window
DNS request
Sending a custom TCP request
Connection attempt
Result
Threat name: LimeRAT
Detection: malicious
Classification: troj.evad
Score: 84 / 100
Signature
Antivirus / Scanner detection for submitted sample
Connects to a pastebin service (likely for C&C)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Protects its processes via BreakOnTermination flag
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected LimeRAT
Behaviour
Behavior Graph:
Threat name: ByteCode-MSIL.Trojan.LimeRAT
Status: Malicious
First seen: 2020-09-28 18:34:10 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Legitimate hosting services abused for malware hosting/C2
Unpacked files
SHA256 hash: 302dae63587747056fc6438d04aa984fcadea09d2c7ce7bf7ebeb9e3b8798106
MD5 hash: 48390513a0096f95fe18ba96582305e5
SHA1 hash: 48e14eb9b9fb3a8d5ffc3c3d3456562c3ac5fb17
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: LimeRAT
File: Executable exe 302dae63587747056fc6438d04aa984fcadea09d2c7ce7bf7ebeb9e3b8798106 (this sample)
