General
-
Target
1732-1-0x0000000000270000-0x0000000000286000-memory.dmp
-
Size
88KB
-
MD5
57a6137708aa3c2866131919b12d17c2
-
SHA1
4328e6c04348966ba9cb2a5f3883ccb51571cda8
-
SHA256
d8b284c741d37196fbf6fe4513bf457f158a65b1b649a71f12855669e6bbcbeb
-
SHA512
80a4f19ef88327b8048ab075aeddc9cc8b1123db2fb1dbff5de4783c6a68b833e78c51ec0b87a0c6b626c7f8edf708e974693e088b84dc964891acac02cb493a
-
SSDEEP
1536:CXOeboN36tbQviFw1ScTIBnvAefLteF3nLrB9z3nTaF9btS9vM:CXOeboN36tbQviFCtcBn1fWl9zDaF9bJ
Score
10/10
Malware Config
Extracted
Family
njrat
Version
Platinum
Botnet
uzbek
C2
127.0.0.1:14026
Mutex
yzbekt.exe
Attributes
-
reg_key
yzbekt.exe
-
splitter
|Ghost|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1732-1-0x0000000000270000-0x0000000000286000-memory.dmp
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections