njrat | 0562122ca4ad3bf393d111cc8e2408a7c374b10ff09d9cc7f40933770b408f21 | Triage

Sharing

General

Target

Lammer.exe
Size

23KB
Sample

250124-p1e1saypet
MD5

57d52e1b44c96f301043976953c88a76
SHA1

0fe526ee33fa4db72cd2c4b177c4aaf1f3b0cb45
SHA256

0562122ca4ad3bf393d111cc8e2408a7c374b10ff09d9cc7f40933770b408f21
SHA512

7f55725d76af38eff42e79360b274fbfd2c274765c2113163a45327cc06480939a77c98c199c91914ceee1022dacabc1009cfe401ca16aba46d6ed7754aa47fc
SSDEEP

384:bYmdk8XvCJrQLdRGSiEYF7Y65gPyx6BDXNRmRvR6JZlbw8hqIusZzZso:kwWkti/aeRpcnuG

Score

10^/10

njrat lammer defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

station-gps.gl.at.ply.gg:26933

Mutex

6fe32c3cda07f1e8b91e22a447ac35bd

Attributes

reg_key
6fe32c3cda07f1e8b91e22a447ac35bd
splitter
|'|'|

Targets

- Target
  
  Lammer.exe
- Size
  
  23KB
- MD5
  
  57d52e1b44c96f301043976953c88a76
- SHA1
  
  0fe526ee33fa4db72cd2c4b177c4aaf1f3b0cb45
- SHA256
  
  0562122ca4ad3bf393d111cc8e2408a7c374b10ff09d9cc7f40933770b408f21
- SHA512
  
  7f55725d76af38eff42e79360b274fbfd2c274765c2113163a45327cc06480939a77c98c199c91914ceee1022dacabc1009cfe401ca16aba46d6ed7754aa47fc
- SSDEEP
  
  384:bYmdk8XvCJrQLdRGSiEYF7Y65gPyx6BDXNRmRvR6JZlbw8hqIusZzZso:kwWkti/aeRpcnuG
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Disables Task Manager via registry modification
  defense_evasion
- Modifies Windows Firewall
  defense_evasion
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation