Behavioral task: behavioral1
Sample: Lammer.exe
Resource: win10-20231020-en

Behavioral task: behavioral2
Sample: Lammer.exe
Resource: win10v2004-20231127-en

Behavioral task: behavioral3
Sample: Lammer.exe
Resource: win11-20231128-en

General
Target: Lammer.exe
Size: 23KB
MD5: d0c2d069ebad310d330724ecb8c34383
SHA1: 948c7dac951630a93d1d50cdc18a785a66bde4f3
SHA256: 33e10bdcff6ab52e473ffeff0c0a853fd8786c3c26b896a05b7091fbcccb9555
SHA512: 5ca77dad6ef30a5fc7031819f9d1311ec8f168c94c5678a712c8aeb82bf7101b85824a5f1e7b96ecc2746cf50f56e0c0d6c80a0ab471a67a4744b4015bcb075b
SSDEEP: 384:JluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZoT:+OmhtIiRpcnuZ

Malware Config
Extracted
njrat
0.7d
Lammer
6.tcp.us-cal-1.ngrok.io:15616
277e7c3302a3fa2bce6fdf09291934dd
reg_key: 277e7c3302a3fa2bce6fdf09291934dd
splitter: |'|'|

Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Lammer.exe
Files
Lammer.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ