General

  • Target

    xsarSykrBgo1.exe

  • Size

    78KB

  • Sample

    230906-c28y2acg8x

  • MD5

    c6cdf3765a3a59bd73c101cf5cc18d65

  • SHA1

    cd15375177eab496a045b9da5c33c3ef6389df7d

  • SHA256

    7ce0b605d5d6574a9fdc106f6fd6ba8d908f9a32381759d9626aa7f3b74a1316

  • SHA512

    f330dbd9e5f1484a63e06b152a63eedfd004e18d318e47e9adae1b9faf26149853d7eef114ff0a968775f9b0af665b4b1ef5900ab96c81718f113fea46a1bbb6

  • SSDEEP

    1536:btF+6Y9yhU19DppS5wpOk3JCK6pFoNXd6fOpd/9nEh9TGWJvR:rhU19QwpOk5CK6HO/9ESWJv

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Lime

C2

gremabenj.duckdns.org:9600

Mutex

Client.exe

Attributes
  • reg_key

    Client.exe

  • splitter

    8520

Targets

    • Target

      xsarSykrBgo1.exe

    • Size

      78KB


    Score
    7/10

    • Deletes itself

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 2

  • Remote System Discovery (T1018): 1

Tasks