General
-
Target
2324-4-0x00000000001D0000-0x00000000001DC000-memory.dmp
-
Size
48KB
-
MD5
adce028f23b9145974911b7513807bed
-
SHA1
711afb8a50a86dead82b55946d62acff575ab746
-
SHA256
3eeb9a31ff3f4077c697f2ecb965667ec1bc1b4a44eb4c4205709bf37c8777b1
-
SHA512
316a8d7389113854ceae300c862c68c401de782ca66dc294b60366755d7e5aca9b6f2e23dba3ff205a3115b249e0434e78be56521cc902b1fb59116a2ee626ed
-
SSDEEP
384:IA3qR5fvogm2SN4hRtCGwnzsvecEoUprvFMua0bc3DBzUM9l/Us0Q5s:XqXSYC3xrDgCgje
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
HacKed
C2
backup.thedreamsop.com:39645
Mutex
Cortana
Attributes
-
reg_key
Cortana
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2324-4-0x00000000001D0000-0x00000000001DC000-memory.dmp
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections