General

  • Target

    Lammer.exe

  • Size

    23KB

  • MD5

    d0c2d069ebad310d330724ecb8c34383

  • SHA1

    948c7dac951630a93d1d50cdc18a785a66bde4f3

  • SHA256

    33e10bdcff6ab52e473ffeff0c0a853fd8786c3c26b896a05b7091fbcccb9555

  • SHA512

    5ca77dad6ef30a5fc7031819f9d1311ec8f168c94c5678a712c8aeb82bf7101b85824a5f1e7b96ecc2746cf50f56e0c0d6c80a0ab471a67a4744b4015bcb075b

  • SSDEEP

    384:JluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZoT:+OmhtIiRpcnuZ

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

6.tcp.us-cal-1.ngrok.io:15616

Mutex

277e7c3302a3fa2bce6fdf09291934dd

Attributes
  • reg_key

    277e7c3302a3fa2bce6fdf09291934dd

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Lammer.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

