Lime-Worm is designed with a client-server architecture, allowing an attacker to manage infected systems remotely. Key features identified in forensic reports include:
: It often includes modules for cryptocurrency stealing (e.g., Bitcoin grabbers) and Monero mining.

Technical Indicators

Lime-Worm-0.5.8D.rar
: 151545B2302C1E441EB64ED5C65B05EDB6E100B2CBB6F5CD648C6088215407C1

Detection Tags: revengerat, rat, evasion, wmi-base64.
: It can autonomously spread through USB drives and network vulnerabilities.
The file (often seen as a .zip variant) is a known malicious archive containing Lime-Worm, a multi-functional threat that acts as a Remote Access Trojan (RAT), ransomware, and worm.

Malware Capabilities
The malware is written in and frequently uses obfuscation and Base64-encoded strings to hide its Command and Control (C2) addresses, which are sometimes hosted on services like Pastebin.
: Attackers can monitor screens via Remote Desktop, run files, restart or shutdown the machine, and steal passwords.