General
-
Target
2924-454-0x000000001B690000-0x000000001B69C000-memory.dmp
-
Size
48KB
-
MD5
b76e969602eee9432a447b764f56a684
-
SHA1
549b3554301c22e427c8089c0a4aa8d0b85bb220
-
SHA256
1cee59ea9815791bf032299c0f5e3b55a9b3b1122f05627a8add11b111133e96
-
SHA512
371a100077a503a039566951def4f91c4fd3ccbf4a5c4801cc358964c839f8bf9f280b988f24b72825f5ad6a094dc0e78e16cf55aecaa5b96e8cb07014fc0953
-
SSDEEP
384:typqrvdtqsaRASZghVIjC0LxKb0HpMyzMdOJ/xJPz2jmzUM9l/Us0TTs:sqBSkUJlo8JDPUgj9
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
HacKed
C2
blog.capeturk.com:8080
Mutex
Windows Explorer
Attributes
-
reg_key
Windows Explorer
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2924-454-0x000000001B690000-0x000000001B69C000-memory.dmp
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections