Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\windows media player.js
- <SYSTEM32>\tasks\limerat-admin
- %HOMEPATH%\winplayer\winplayer.exe
- 'pa###bin.com':443
- 'microsoft.com':80
- '23.##5.131.141':6565
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK pa###bin.com
- DNS ASK microsoft.com
- '%HOMEPATH%\winplayer\winplayer.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%HOMEPATH%\Winplayer\Winplayer.exe'"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%HOMEPATH%\Winplayer\Winplayer.exe'"