MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 010f5f978596f99377d06c9a6e7b982def7c5cbb857e091af1a3f68c27295bc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 010f5f978596f99377d06c9a6e7b982def7c5cbb857e091af1a3f68c27295bc9
SHA3-384 hash: 4f245d13b1b27eb99517881471b16fc513fb9cb883971167b2376a94dad44566ed50aea9faafd00dcf0641463299db4b
SHA1 hash: a886e410c1910e2823dd032143eb73c8d3e458e4
MD5 hash: 91bbdd26320c48a2d7c61fb132f78c3a
humanhash: salami-washington-nineteen-purple
File name:NEW_PURCHASE_ORDER_.zip
Download: download sample
Signature njrat
Create hunting rule
File size:183'035 bytes
First seen:2020-08-15 17:25:28 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:teofUwzB21bBlqEc5hGC6GlicyaQ63R3jmVTcbQUCTvn1U07xe3s5k70BI83ZM71:tjzWXIOPcyLYdjmVT2QNn1U0VaUB5yhb
TLSH 250412877379574C4EA2B2F5229207FBBF54AC92E967A2C930475B6264043D332CE26D
Reporter abuse_ch
Tags:NjRAT RAT zip


Avatar
abuse_ch
Malspam distributing njrat:

HELO: panel.medenserver.com
Sending IP: 213.159.7.220
From: sales <sales@gotechcn.com>
Subject: NEW PURCHASE ORDER
Attachment: NEW_PURCHASE_ORDER_.zip (contains "NEW_PURCHASE_ORDER_.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
215
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25545.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25560.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/010f5f978596f99377d06c9a6e7b982def7c5cbb857e091af1a3f68c27295bc9/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-15 17:26:09 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aehv7f4fs34zg56qnsng464yfxxxyxf3qv7asgxrup3iyjzjlpeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/010f5f978596f99377d06c9a6e7b982def7c5cbb857e091af1a3f68c27295bc9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

njrat

zip 010f5f978596f99377d06c9a6e7b982def7c5cbb857e091af1a3f68c27295bc9

(this sample)

njrat

Executable exe 0fa2721f9583ee945d3909290c0ead73dcf4e3cb5739a6f4423f3da6899fd602

  
Dropping
MD5 94cd3aef83f29bb2dd6d8fe40d751603
  
Dropping
njrat
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0fa2721f9583ee945d3909290c0ead73dcf4e3cb5739a6f4423f3da6899fd602

Comments