DUBAI, UNITED ARAB EMIRATES, March 29, 2023 - ANY.RUN, a cybersecurity company developing an interactive sandbox analytical platform for malware researchers, presents the LimeRAT Malware Analysis.

Here are some highlights from under the hood of a modular RAT, LimeRAT:

LimeRAT is a Remote Access Trojan (RAT) that’s been around for a few years now. It’s a versatile piece of malware designed to give attackers control over an infected system.

What makes LimeRAT particularly interesting is its ability to perform a wide range of malicious activities. Some of these include keylogging, stealing passwords, and capturing screenshots. Additionally, LimeRAT can execute arbitrary commands, drop other malware, download and upload files, and even use the infected machine for crypto-mining or DDoS attacks.

ANY.RUN opened a sample in Detect It Easy. [...] .NET language, ANY.RUN opened it in dnSpy. Upon inspection, ANY.RUN observed that the code has been obfuscated (MITRE T1027) and is unreadable: the names of classes, methods, and variables are made out of random glyphs.

Instances of the RijndaelManaged and MD5CryptoServiceProvider classes are created. If analysts search for the RijndaelManaged class on MSDN, they see that it is essentially an obsolete implementation of the AES encryption algorithm (MITRE T1027). The MD5CryptoServiceProvider class, as the name implies, is used to compute an MD5 hash.