General

  • Target

    2792-29-0x00000000002A0000-0x0000000000B6A000-memory.dmp

  • Size

    8.8MB

  • MD5

    dc12c3ed6545883e412fd53aee9f9bc8

  • SHA1

    745727e55ea35ef91fdae244f1d09f146309090c

  • SHA256

    590383f4bc81eb472544475d3f93b43967d12d499a1bc46e031d7cd5001d348c

  • SHA512

    eef34bca2e27e0e1ea61c12d82a85407a852b7ef236c4d6a91ec2e85a9be4a85219363759dbb2db23744c7772b9ccd0209977621a681f1345fa5754bfe30be4c

  • SSDEEP

    196608:Ryz6ERB80Yd/m9r8IstNEcOq+OM2OYje:RI6ERBud/m9rmDOezj

Score
10/10

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

still-obviously.gl.at.ply.gg:46857

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Signatures

  • Njrat family
  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2792-29-0x00000000002A0000-0x0000000000B6A000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections