Overview

overview

10

Static

static

10

Lime-Worm-...FM.dll

windows7-x64

1

Lime-Worm-...FM.dll

windows10-2004-x64

1

Lime-Worm-...ib.dll

windows7-x64

1

Lime-Worm-...ib.dll

windows10-2004-x64

1

Lime-Worm-...32.dll

windows7-x64

1

Lime-Worm-...32.dll

windows10-2004-x64

1

Lime-Worm-...IN.dll

windows7-x64

1

Lime-Worm-...IN.dll

windows10-2004-x64

1

Lime-Worm-...WD.dll

windows7-x64

1

Lime-Worm-...WD.dll

windows10-2004-x64

1

Lime-Worm-...DP.dll

windows7-x64

1

Lime-Worm-...DP.dll

windows10-2004-x64

1

Lime-Worm-...SB.dll

windows7-x64

1

Lime-Worm-...SB.dll

windows10-2004-x64

1

Lime-Worm-...ub.exe

windows7-x64

1

Lime-Worm-...ub.exe

windows10-2004-x64

1

Lime-Worm-...et.dll

windows7-x64

1

Lime-Worm-...et.dll

windows10-2004-x64

1

Lime-Worm-...32.exe

windows7-x64

10

Lime-Worm-...32.exe

windows10-2004-x64

10

Lime-Worm-...ef.exe

windows7-x64

1

Lime-Worm-...ef.exe

windows10-2004-x64

1

Lime-Worm-...ec.exe

windows7-x64

1

Lime-Worm-...ec.exe

windows10-2004-x64

1

Luminosity...il.dll

windows7-x64

1

Luminosity...il.dll

windows10-2004-x64

1

Luminosity...ip.exe

windows7-x64

1

Luminosity...ip.exe

windows10-2004-x64

1

Luminosity...ub.exe

windows7-x64

1

Luminosity...ub.exe

windows10-2004-x64

1

Luminosity...md.exe

windows7-x64

1

Luminosity...md.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Rats-Pack-V-9-By-Arsium-Vol-3.zip

  • Size

    422.8MB

  • Sample

    240516-xkr96sbb6s

  • MD5

    8edd20e39cbede9e88f07984858b790e

  • SHA1

    0f1d0e13eea5645b022d52a8a0c893e111f870e9

  • SHA256

    4eeb5d8830e378c5c351d8ea1f8b370364e6ab530573e1f609d8d459e3f23b1a

  • SHA512

    ad3403663d130865124e3ae7850e5582f88a3d1b7ffd0fa235eb2ad356def5a0ab8f760f6fa9ac3f19bdf4f576bdcfc39cd1b9822264fc8cab1ee5642dde5a4e

  • SSDEEP

    3145728:U0JckZTjPNM/W2u5LeZmZCytDH2OtGlOEoPmwBcr8M6bh44x4tsidgSwiUa+NiXJ:X+Nu5EnyBBAwpPBzxaUa+MX/LVqW

Score
10/10
asyncratdanabotdarktrackquasarraccoonrevengeratspymaxspynoteaspackv2macromacro_on_actionratstealertrojanupx

Malware Config

Extracted

Family

danabot

C2

111.0.119.0:78

110.0.0.7:768

89.0.101.0:2304

115.0.0.5:108
Attributes
  • embedded_hash

    ���������������\�@������������

  • type

    loader

Extracted

Family

quasar

Attributes
  • reconnect_delay

    5000

Extracted

Family

spymax

C2

[SPY_MAX_IP]:[SPY_MAX_PORT]

Extracted

Family

spynote

C2

[SPY_NOTE_HOST_OK]:[SPY_NOTE_PORT_OK]

Extracted

Family

revengerat

Mutex

Targets

    • Target

      Lime-Worm-0.5.8D\Plugin\FM.dll

    • Size

      13KB

    • MD5

      c788693561dc4075f4e703ed11deb273

    • SHA1

      bcaa67def6168d1062f7dc26012dddeec3f70284

    • SHA256

      a47bbd8f6106490590ae0f2e2b8a9452fda3abb08591e0552468f86a348df42b

    • SHA512

      1d8a5d7251caee5e379254e15af0ee962f29474b699d170e72abef9abed11fee2d7479fefe5a4333858bee8470eb11a1024e059c56cca45b5da73e0a60d90d85

    • SSDEEP

      384:0gUntVMF0dawavDvFcZEBYK5YnFbA4t4XohY7fuDk8+A:0gUnTMFz9KEWK5TSYLu48+A

    Score
    1/10
    behavioral1behavioral2

    • Target

      Lime-Worm-0.5.8D\Plugin\IconLib.dll

    • Size

      59KB

    • MD5

      45ecaf5e82da876240f9be946923406c

    • SHA1

      0e79bfe8ecc9b0a22430d1c13c423fbf0ac2a61d

    • SHA256

      087a0c5f789e964a2fbcb781015d3fc9d1757358bc63bb4e0b863b4dffdb6e4f

    • SHA512

      6fd4a25051414b2d70569a82dff5522606bfc34d3eaeea54d2d924bc9c92e479c7fda178208026308a1bf9c90bee9dbcaf8716d85c2ab7f383b43b0734329bc8

    • SSDEEP

      768:WhZeVOIr9zmWGODfqED8zOJI+IpXgJKCAyEpd+rnwTIQJAqLiA4B0FdIOFMBC3Wd:EP1m3KpOKSEp1TzCaFiPBhlg36eiikN

    Score
    1/10
    behavioral3behavioral4

    • Target

      Lime-Worm-0.5.8D\Plugin\Interop.Shell32.dll

    • Size

      38KB

    • MD5

      4081972671d5f13b47ec7959203fead6

    • SHA1

      a0f1db457061a13987d633b5572a32961c533e71

    • SHA256

      fac1a1e3ce935119df39921e814fac8f5059e2cf5d7dd93aab8bced58f8e68b6

    • SHA512

      9433c2afb8a61d810b3c7ceccec7f922abdb0903d85650c1dd271c4364524c7b9cd294182b0bb30cd1e34f1974bf31ea6b722a3afecbfe0b86b9f8293cef291b

    • SSDEEP

      768:dXx4tUzcSKMnrhUypq45156hkSdyO7UQmTVOxA+rzWww+HMFmx6Hj7tr+BQOMcG:dXx4tUPvt3pq451pOwQm0iKbHG

    Score
    1/10
    behavioral5behavioral6

    • Target

      Lime-Worm-0.5.8D\Plugin\PIN.dll

    • Size

      112KB

    • MD5

      aca4928052088f8d803b7120c324e295

    • SHA1

      d3e14c2a916e27702cfc5cd9c00850307ab8aef0

    • SHA256

      ec0bdc4363cf60527f83849ed10b7708d596cc8053f8647898101ef0fbfcaf84

    • SHA512

      b85af0f8cfbca009179af5b920072b715c891f7c832cbcb3788914192b41d7db661574e0dba0eae67c630f049de1a240e919c9a16c1dbf11c7d215631764ee13

    • SSDEEP

      3072:bjNhP1mcvSy3zkNNXx4tUPvt3pq451pOlxhGX:bqykNXGtUPvt3pq45vmxh

    Score
    1/10
    behavioral7behavioral8

    • Target

      Lime-Worm-0.5.8D\Plugin\PWD.dll

    • Size

      24KB

    • MD5

      3170bf386bd975b4b6e206b7afcd0713

    • SHA1

      68512c413fef704efd6fd4f2a81812fced187694

    • SHA256

      ea5a35f3c99441a9c6d770abd553c17fcfea429617ea6bec1859379b1a4e7fef

    • SHA512

      7a1aeafe9eac0cc9bf47ff6700ef2c811d6bf2de9859cad8b2e3dcdf820198007ab153a8fdb4d29fa0d6a566dd680ba1b1ed4c8ca9d1a34850bbdeaec36a73f1

    • SSDEEP

      384:KWdqUhO0icrXMsMHVcEeU0hWbJO9khCr3g1WDdJucfj7nfRAuv4YP0GS/sT088BW:R3fic6VcDWbJ12+ad1fRp+GYsJH

    Score
    1/10
    behavioral10behavioral9

    • Target

      Lime-Worm-0.5.8D\Plugin\RDP.dll

    • Size

      17KB

    • MD5

      efb1f9e145a734eaf91b4cdbecebf6f3

    • SHA1

      d7caf19661d193c9abdebd125b2464fca7e09eda

    • SHA256

      e48b167a21fbd266fd38e0fc62c11c88f689d80910d48dcf4d2f7e16848a327b

    • SHA512

      fe9f75e436ea98ffc4eacb32d48326ae3ec80d693708c25c757d71a862bc3b8590677480277f5fa67203f7475c2b29e30ec958f003939cba1a3dc82e5c95adfd

    • SSDEEP

      384:EgS9wb4I6dj9MCBAiYP5/mDzLc8/UaUwIHsYt:EgS9wz6B9MCBtKCaHsYt

    Score
    1/10
    behavioral11behavioral12

    • Target

      Lime-Worm-0.5.8D\Plugin\USB.dll

    • Size

      88KB

    • MD5

      56168b9344bb038d244200eb78510cc2

    • SHA1

      959eb35785ef94d980eaca3fbd69949d588f577a

    • SHA256

      2d40d34dd5b25e55e6242c8755d8439bcce3a5ed762133c70402a786b84e4298

    • SHA512

      27b69d12698618b969943714e5de9853e1f7aa6b77d197e16fd6202ebd6a9f15df325fe17c7ced2783d5894c186fe2de6e3995a3dff97e7c28d0609ce13001a0

    • SSDEEP

      1536:e8nRi4PmvgldWaae4KaFCZPP1m3KpOKSEp1TzCaFiPBhlg36eiikNd:eORi4Pmvgmaa/KmCFP1mcvSy3zkNd

    Score
    1/10
    behavioral13behavioral14

    • Target

      Lime-Worm-0.5.8D\Stub\Stub.exe

    • Size

      23KB

    • MD5

      1caf905bb41f2ad4276434e0ffc98e6d

    • SHA1

      3c3a8365d35e4ca5afd31cbe78730878396a4dfd

    • SHA256

      140fe71dd70d34732730dd15d685510f3f1c0e46d5d0ff19e93b6eac183ad13e

    • SHA512

      23ada7ee3c77853915ea33f03e75e16a717179089539854d7ac25d4d757a69b18f3359530a0733f78fb0440f9be0400a0c0c6b0a3f3163cfb78c10f14fce9076

    • SSDEEP

      384:J+phBgqtdAj8g5Q6XUb1GIcopFK47v+vcxhKNjmJj1Qro0wdH1FM:JcArzXUb9NRqVNaU01G

    Score
    1/10
    behavioral15behavioral16

    • Target

      Lime-Worm-0.5.8D\WinMM.Net.dll

    • Size

      325KB

    • MD5

      908b2955b450a525096551ff3b05729d

    • SHA1

      213eba7bcd910e833df43f351ac8dba729d0743c

    • SHA256

      37670b8b01cb1c83e63ae6323705b2ae080183fc166f45ee6d23040e2fc37980

    • SHA512

      3b226d61779d7a5b7d6cc22ec224d75866206044e26f9252f86e017a2061a4f10a8a2e79b6708152cf66e77ec47b29a53c12bae95c192a0979966c95ff1fa0e1

    • SSDEEP

      6144:D5BzHe8nozKCeqxyjihcbtnGxCXpZGkIzjycdjFQ2uFib:Hbe8kKCepeG0xCXfGkIzecdjFhu8b

    Score
    1/10
    behavioral17behavioral18

    • Target

      Lime-Worm-0.5.8D\database32.dll

    • Size

      2.8MB

    • MD5

      7028559abf0ccebf9692eb24651b4be1

    • SHA1

      474e96eb203f4978c9c6e7568f4b7a9b20c329af

    • SHA256

      b437592443e6c798ac25566400e1a1b4f29ef76a63bc5cd112316f5f4f34e45e

    • SHA512

      3d0d22d68dda3fb8b27a31216c9a31387e8937645cd0bce7ca5e89f91b4f3addc6d05244cd9617acbecd26547adb563f7e40e516d398d4c741eefb295ff10f3e

    • SSDEEP

      24576:1dTuyaUzkI/oMi5QNCRzJ4ZBoPUDmJbedDxCPEicdjFhu8bU:1dTuyaU/or+AkyNyXicdjFhuC

    Score
    10/10
    revengeratstealertrojan
    behavioral19behavioral20

    • Target

      Lime-Worm-0.5.8D\libcef.lib

    • Size

      211KB

    • MD5

      59238144771807b1cbc407b250d6b2c3

    • SHA1

      6c9f87cca7e857e888cb19ea45cf82d2e2d29695

    • SHA256

      8baa5811836c0b4a64810f6a7d6e1d31d7f80350c69643dc9594f58fd0233a7b

    • SHA512

      cf2f8b84526ae8a1445a2d8a2b9099b164f80a7b7290f68058583b0b235395d749ad0b726c4e36d5e901c18d6946fd9b0dd76c20016b65dc7a3977f68ee4a220

    • SSDEEP

      3072:CFITGLr+kmeUE2+YA8zuxD1gb/uVVohUFVEovODl9ply5nk/7K1bjT5h3qs:CbLUEkAtvaumhUXvwl9P62

    Score
    1/10
    behavioral21behavioral22

    • Target

      Lime-Worm-0.5.8D\libexec.dll

    • Size

      238KB

    • MD5

      4e6a7ee0e286ab61d36c26bd38996821

    • SHA1

      820674b4c75290f8f667764bfb474ca8c1242732

    • SHA256

      f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3

    • SHA512

      f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a

    • SSDEEP

      3072:6sGTNBBPt3lBtx5ebLDCc0p00JakwEn0ZtAq0nHHdNwooe+6t3ieCx9UWPrcFw+z:ID5t3lBrGdkwFi3HHdN1Zt9CxVgeH

    Score
    1/10
    behavioral23behavioral24

    • Target

      LuminosityLink+builder\Builder\Mono.Cecil.dll

    • Size

      305KB

    • MD5

      851ec9d84343fbd089520d420348a902

    • SHA1

      f8e2a80130058e4db3cf569cf4297d07d05c93e0

    • SHA256

      cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9

    • SHA512

      5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1

    • SSDEEP

      6144:ueMQM/aMOZabe3h1PtRjAqmYVNf3yTXcYBbt6KMBhu:uF/aMDb8BtRjA7XcYNclB

    Score
    1/10
    behavioral25behavioral26

    • Target

      LuminosityLink+builder\Builder\builder_con2trip.exe

    • Size

      103KB

    • MD5

      a10cd7acbdbff06d18bc5c00d40d3a07

    • SHA1

      40548f86194adcadd13d9d96d85b33647a35f0a2

    • SHA256

      55fec5eca1c1e2a0304088cf9eff5f85df1263d3bb178f0834de26168e4014bb

    • SHA512

      fcbe9fd7a943de79cd367b0091c4ccba094e8e03835819e435dc1209a588df6fb98c0df5ed6f81e8135ace59736bf4c61c87dcc9b31d89ecb83afb7fea3ae206

    • SSDEEP

      3072:/IRxwLRMcR9aBeWvfxLWDwreWJ2NJgfV4NY:omLbR9JWJWwJYJgf

    Score
    1/10
    behavioral27behavioral28

    • Target

      LuminosityLink+builder\Builder\stub.exe

    • Size

      143KB

    • MD5

      c6f9eaba6f901506d086367d35a2db3b

    • SHA1

      ad5931969b5b96a4752dbe21585ece590ef99d56

    • SHA256

      168c28d1e794eebe0e1e31dbd64f11dc1587ce766aa7d13dbcd065d86e80afd0

    • SHA512

      80040f5f93319c3389f40f5b671f3df9fe81f9736219eedb78bfa24b64a1e4672937d4fe629f6ff2501c11c3a48f82acee6c7030d02ff6e84665249b0fd6b17c

    • SSDEEP

      3072:p/uybjWFAN44SHX4ty3IP25Ll40TV8P0rnpiyxbF:pmA22S314WZGe

    Score
    1/10
    behavioral29behavioral30

    • Target

      LuminosityLink+builder\Builder\stub_delete_by_cmd.exe

    • Size

      143KB

    • MD5

      a4d9b77d169f97f76d963563b1c0ac86

    • SHA1

      0e7b0bcd79680932e1bf7f71f06dedef25a78ae2

    • SHA256

      7cb6b189b78c153a308a2df9a2a49f0637808600d4054349280db162fb35872c

    • SHA512

      cc9aad0c962b4a87ea3d62d29f3ba15bcf38a0635fc1a27cb146c8cc2812215ab84d3d107f62487739d883ec5f52d03e395db3d3d52cd0fbd3c196b70e0493cf

    • SSDEEP

      3072:C/jybjWFAN44SHX4ty3IP25Ll40TV109hpiyxbF:CLA22S314WZi9

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_actionratupxaspackv2darktrackquasarraccoondanabotasyncratspymaxspynote
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

revengeratstealertrojan
Score
10/10

behavioral20

revengeratstealertrojan
Score
10/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10