MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99b68453c0fe9b7440b10cbc6a839d8046819ae73a2ef9ca5b712e655e1416f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LimeRAT


Vendor detections: 5



SHA256 hash: 99b68453c0fe9b7440b10cbc6a839d8046819ae73a2ef9ca5b712e655e1416f7
SHA3-384 hash: 4c5ea8514c55dfb51c85a9dd579e1b0ca7d0ea6fbf6397309ead40e4180a247cadc1d3e087de0f6284681f0260faa867
SHA1 hash: 6374b9cb9b3e4ec9709b065fe67b7cdb8c75bdd9
MD5 hash: 045ac18631327be74e1469fcd6a5dfb6
humanhash: cold-quebec-nitrogen-skylark
File name: 99b68453c0fe9b7440b10cbc6a839d8046819ae73a2ef9ca5b712e655e1416f7
Signature: LimeRAT
File size: 29'184 bytes
First seen: 2020-07-06 07:30:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 384:WB+Sbj6NKuZE6nrAHtNopHoiqDYHTcNfBwYvDKNrCeJE3WNg0ysdF0bNMALLQroS:Mpu26nrwtNoyeHgNS245Nj705MAbij
Threatray: 291 similar samples on MalwareBazaar
TLSH: 12D26C00B7E15345D3EC1AB60F7272550EB1DA17AD3BFB2D0CC554830AABED14B80AE2
Reporter: JAMESWT_WT
Tags: LimeRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 963
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Creating a file in the %temp% subdirectories
Launching a process
Creating a process with a hidden window
Creating a process from a recently created file
Creating a window
DNS request
Sending a custom TCP request
Connection attempt
Enabling autorun with Startup directory
Threat name: ByteCode-MSIL.Trojan.LimeRAT
Status: Malicious
First seen: 2020-06-30 23:03:22 UTC
File Type: PE (.Net Exe)
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Result
Malware family: limerat
Score: 10/10
Tags: rat family:limerat
Behaviour
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Legitimate hosting services abused for malware hosting/C2
Loads dropped DLL
Executes dropped EXE
LimeRAT
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments