General
-
Target
Lammer.exe
-
Size
23KB
-
Sample
231130-bnb7gaee9z
-
MD5
f7ec3d63b502817b80fd3dcf55490f51
-
SHA1
1497919717e785431989dafdc7fbfecfebce24fa
-
SHA256
21f363df520e1b7a2d6e57adf4184e00b6a4b203d5ce23bc0d3e7827f4831308
-
SHA512
80275c86efd7e9df3d1f6928d1a4a45d9b2b54ba3e42c1d76c4d72626afd99b30271b49071710492b5691765ab8799f9089dac1735940ead2fb5f61d07c31071
-
SSDEEP
384:NI2SUCoQ3XgUzwsGCw5zSEZJgA6hgHpFChrV1mRvR6JZlbw8hqIusZzZiJ:yNnzdwk8Rpcnu9
Malware Config
Extracted
njrat
0.7d
Lammer
88:1177
037e0025c7a22a528848d2878222da5d
-
reg_key
037e0025c7a22a528848d2878222da5d
-
splitter
|'|'|
Targets
-
-
Target
Lammer.exe
-
Size
23KB
-
MD5
f7ec3d63b502817b80fd3dcf55490f51
-
SHA1
1497919717e785431989dafdc7fbfecfebce24fa
-
SHA256
21f363df520e1b7a2d6e57adf4184e00b6a4b203d5ce23bc0d3e7827f4831308
-
SHA512
80275c86efd7e9df3d1f6928d1a4a45d9b2b54ba3e42c1d76c4d72626afd99b30271b49071710492b5691765ab8799f9089dac1735940ead2fb5f61d07c31071
-
SSDEEP
384:NI2SUCoQ3XgUzwsGCw5zSEZJgA6hgHpFChrV1mRvR6JZlbw8hqIusZzZiJ:yNnzdwk8Rpcnu9
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1