General
-
Target
953cb72ec7feee841757eca646add75d
-
Size
2.6MB
-
Sample
240206-xmsnqafchm
-
MD5
953cb72ec7feee841757eca646add75d
-
SHA1
f594c79a413380cd4f6717097b4003a252f1a84c
-
SHA256
35905f3d15f4c53feaec8bf0a3fba99621f8ffb8e02f64a03323d6674976b3b5
-
SHA512
cd8d50039fdf1ade147cbf50dc9b24e1e652a1d1a8eedb4ef2ebb51ebd8dbbef8e1b4fc0e56dc420ec528558a316366157ee5bd3853e0cd7f879bfe63d7d785a
-
SSDEEP
49152:eFFdWfzEeWY3LvXf5IAjYGoW6qQluP+xsKRbYJlotmqahJBt21:e5IeY37yAjYKP25YJIm5G
Static task
static1
Behavioral task
behavioral1
Sample
953cb72ec7feee841757eca646add75d.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
953cb72ec7feee841757eca646add75d.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
0.7d
Lammer
bp2020.ddns.net:666
ca1abf05f66deec6f87b6b8a8e6cac15
-
reg_key
ca1abf05f66deec6f87b6b8a8e6cac15
-
splitter
|'|'|
Targets
Target
953cb72ec7feee841757eca646add75d
-
Score
10/10
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1