General

  • Target

    7B1809B4AA561D6A694744164831856A.exe

  • Size

    23KB

  • Sample

    240128-tf782sdae4

  • MD5

    7b1809b4aa561d6a694744164831856a

  • SHA1

    efa9b84a0e9f0c8ae1dd1fb0c7b28366ca3c04bf

  • SHA256

    f44f9ca899f0ac7efc49d491703f249b86f4863914baddd8cedeb3646d0086ae

  • SHA512

    ad3dbf695d19b9224f23af11793a2520a7717b8b545b4561046bd033161e13a11286374b0f17234aacf9247864c106db5323e2327f10b885a98ec62b44f55afe

  • SSDEEP

    384:HY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3tVmRvR6JZlbw8hqIusZzZaA:QL2s+tRdRpcnuk

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Lammer

  • C2

    165.227.31.192:22509

  • Mutex

    3378fb27680d4a9a06e6f191501123e0

Attributes
  • reg_key

    3378fb27680d4a9a06e6f191501123e0

  • splitter

    |'|'|

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1543 Create or Modify System Process (1)

    • T1543.003 Windows Service (1)

  • T1547 Boot or Logon Autostart Execution (1)

    • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation

  • T1543 Create or Modify System Process (1)

    • T1543.003 Windows Service (1)

  • T1547 Boot or Logon Autostart Execution (1)

    • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1562 Impair Defenses (1)

    • T1562.004 Disable or Modify System Firewall (1)

  • T1112 Modify Registry (1)

Tasks