General
-
Target
2944-0-0x0000000000420000-0x000000000042C000-memory.dmp
-
Size
48KB
-
MD5
914aedf5171367a1790583c157259db6
-
SHA1
f1e5c2e3a17eb75bbf54a35548b1b7af627687ad
-
SHA256
ffd87cb2642ef71e720f4c552bb72b55ea77c259425da56fbcfc47479b6799be
-
SHA512
b99a09b2c6afedff6efe2117f8565a51fb02001d7cbea1ec862484d63ccb936b59a42d4cc7b83021dc288812b18f90cdf0d6f4b8a1ac5d8b5a957473a5861336
-
SSDEEP
384:9Ymdk8XvCJrQLdRGSiEYF7Y65gPyx6BDXN1mRvR6JZlbw8hqIusZzZR4:ywWkti/aiRpcnu9
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
Hsoooooone :$
C2
madara.selfip.net:49111
Mutex
4a9da9e19ee0c47a54e363b703439e5b
Attributes
-
reg_key
4a9da9e19ee0c47a54e363b703439e5b
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2944-0-0x0000000000420000-0x000000000042C000-memory.dmp
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections