General

  • Target

    2476-373-0x0000000000400000-0x000000000040C000-memory.dmp

  • Size

    48KB

  • MD5

    1f3adad79949fa64fe361238cacfcfbf

  • SHA1

    67f2d1ef1875630e2f0468228c887e2a7b5eed8f

  • SHA256

    94f45fb0e4b99935300dcae4bc43f18f2089573ee1a25e1d721dcfd1996357a0

  • SHA512

    ed0ab7bb73f0cedb9172345bd2b018c02dfcbbf0cef7759f0f697f245cb8f5a4efd84e2a69b1b88885c41bd559a961169032cdde438211ff3327c0773b48fb45

  • SSDEEP

    384:Nc6ze6e1PAhJVzC3tC1im/BsTx46PgZ0rap9HBmRvR6JZlbw8hqIusZzZzI:ne9EJLN/yRpcnuj

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

neuf

C2

doddyfire.linkpc.net:10000

Mutex

e1a87040f2026369a233f9ae76301b7b

Attributes
  • reg_key

    e1a87040f2026369a233f9ae76301b7b

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2476-373-0x0000000000400000-0x000000000040C000-memory.dmp
    .exe windows:4 windows x86 arch:x86

