LimeRAT spreads in the wild
Security Affairs
APRIL 9, 2019
The installed payload is actually a Base64-encoded PE32 file, stored filelessly in the registry hive to avoid antivirus detection. Also, the attacker behind this sample leans on the Dynamic DNS service “warzonedns.com”, pointing to the 213.183.58[.10

Figure 5: Final payload written in the registry key in Base64 format.