General
-
Target
Lammer.exe
-
Size
23KB
-
Sample
231205-c7j7vshb83
-
MD5
d0c2d069ebad310d330724ecb8c34383
-
SHA1
948c7dac951630a93d1d50cdc18a785a66bde4f3
-
SHA256
33e10bdcff6ab52e473ffeff0c0a853fd8786c3c26b896a05b7091fbcccb9555
-
SHA512
5ca77dad6ef30a5fc7031819f9d1311ec8f168c94c5678a712c8aeb82bf7101b85824a5f1e7b96ecc2746cf50f56e0c0d6c80a0ab471a67a4744b4015bcb075b
-
SSDEEP
384:JluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZoT:+OmhtIiRpcnuZ
Behavioral task
behavioral1
Sample
Lammer.exe
Resource
win10-20231020-en
Behavioral task
behavioral2
Sample
Lammer.exe
Resource
win10v2004-20231127-en
Behavioral task
behavioral3
Sample
Lammer.exe
Resource
win11-20231128-en
Malware Config
Extracted
njrat
0.7d
Lammer
6.tcp.us-cal-1.ngrok.io:15616
277e7c3302a3fa2bce6fdf09291934dd
-
reg_key
277e7c3302a3fa2bce6fdf09291934dd
-
splitter
|'|'|
Targets
-
-
Target
Lammer.exe
-
Score
10/10
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix
ATT&CK v13
Persistence
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1