Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\update.exe
- <SYSTEM32>\tasks\limerat-admin
- %APPDATA%\system32\temp\svchost.exe
- 'te##bin.net':443
- DNS ASK te##bin.net
- '%APPDATA%\system32\temp\svchost.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%APPDATA%\System32\Temp\svchost.exe'"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%APPDATA%\System32\Temp\svchost.exe'"