Skip to content
MalwareWiki

RAT

LimeRAT

## Description Simple yet powerful RAT for Windows machines.

Description

Simple yet powerful RAT for Windows machines. This project is simple and easy to understand, It should give you a general knowledge about dotNET malwares and how it behaves.

Main Features

  • .NET
    • Coded in Visual Basic .NET, Client required framework 2.0 or 4.0 dependency, And server is 4.0
  • Connection
    • Using pastebin.com as ip:port , Instead of noip.com DNS. And Also using multi-ports
  • Plugin
    • Using plugin system to decrease stub's size and lower the AV detection
  • Encryption
    • The communication between server & client is encrypted with AES
  • Spreading
    • Infecting all files and folders on USB drivers
  • Bypass
    • Low AV detection and undetected startup method
  • Lightweight
    • Payload size is about 25 KB
  • Anti Virtual Machines
    • Uninstall itself if the machine is virtual to avoid scanning or analyzing
  • Ransomware
    • Encrypting files on all HHD and USB with .Lime extension
  • XMR Miner
    • High performance Monero CPU miner with user idle\active optimizations
  • DDoS
    • Creating a powerful DDOS attack to make an online service unavailable
  • Crypto Stealer
    • Stealing Cryptocurrency sensitive data
  • Screen-Locker
    • Prevents user from accessing their Windows GUI
  • And more
    • On Connect Auto Task
    • Force enable Windows RDP
    • Persistence
    • File manager
    • Passowrds stealer
    • Remote desktop
    • Bitcoin grabber
    • Downloader
    • Keylogger

Family metadata imported from Malpedia (Fraunhofer FKIE).