General
-
Target
1524-57-0x0000000000310000-0x0000000000322000-memory.dmp
-
Size
72KB
-
MD5
947af0fdddda235ab1cf2c8735591204
-
SHA1
953efb0afa8e05295995b2f3b1ffb5f2771c28e6
-
SHA256
0b7123b2792673039dbffa03db0b8da57e65b6bdb4ab10cef1972220530a6cd8
-
SHA512
881f5f8ccd77466950994c7d07ab650d84dd3f2e7008a59cb5d3096db8b9502ba02e9d9edef2c7e7fefddd646089b68ead9eadcb21f6582d9029461b86879be8
-
SSDEEP
384:MZy1qFgpWoy7krZtEVOsMBIHAkHC9D9O5UE5QzwBlpJNakkjh/TzF7pWnLH3gree:qnWol70ZtGOKgcvQO+GHd+LGkF
Score
10/10
Malware Config
Extracted
Family
njrat
Version
Njrat 0.7 Golden By Hassan Amiri
Botnet
teste
C2
0.tcp.ngrok.io:18236
Mutex
Windows Update
Attributes
-
reg_key
Windows Update
-
splitter
|Hassan|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1524-57-0x0000000000310000-0x0000000000322000-memory.dmp
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections