General

  • Target

    1228-80-0x0000000000400000-0x0000000000410000-memory.dmp

  • Size

    64KB

  • MD5

    9ac26961b7135d6b04843c5543054299

  • SHA1

    5d304da0d5f13aebb292da8e7270efd3090d5a14

  • SHA256

    6131a76f127bd7054114bc0ae36e3ea61d86f382a2def4bf37a3e99d96ec16e2

  • SHA512

    c1f9764773b079a39ba95c1641f1af35d7d17db4d44e36fc6cead0df9496eef7bf7f9f7f79b81054d47ff53c647ce99de225777848d59a0c0999caec0e85f309

  • SSDEEP

    384:+uSvEiTbTvpWNcZ0y8fvCv3v35LkacparAF+rMRTyN/0L+EcoinblneHQM3epzXp:3S7TZ38fvCv3B1cQrM+rMRa8NuYO/t

Score
10/10

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

7.tcp.eu.ngrok.io:17491

Mutex

46293b8715d0498a59f965850c26f1b4

Attributes
  • reg_key

    46293b8715d0498a59f965850c26f1b4

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1228-80-0x0000000000400000-0x0000000000410000-memory.dmp
    .exe windows x86

