MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22f131686ed7410f8a34d6762fc7cb2f7d386760b928b25be91eaaf05d92f7f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 4



SHA256 hash: 22f131686ed7410f8a34d6762fc7cb2f7d386760b928b25be91eaaf05d92f7f6
SHA3-384 hash: 9befa50e5dbab9471f9ab7c91b3d19a4e7b0603c4878b553db60f7f99adf7f8077207c2da6bde7547c53d38d256844ca
SHA1 hash: 3a415b7912c794f3e8f67087996731abda38a834
MD5 hash: b63758f99d0a276b8866e1dc75cb3746
humanhash: louisiana-batman-edward-india
File name: 22f131686ed7410f8a34d6762fc7cb2f7d386760b928b25be91eaaf05d92f7f6
Signature: njrat
File size: 139'776 bytes
First seen: 2020-06-17 09:32:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 3072:E9ILAtP8EoT33Tiu0F/iLOZLxzU81iSKShBw1M7Th:E9ILAtKTuu0p1Ll31iSKSHm
Threatray: 184 similar samples on MalwareBazaar
TLSH: A9D34947DB8BAD99C13D6433E33787D483E5CE212666F78F47D434399A7A28EB202650
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2015-05-08 16:16:00 UTC
File Type: PE (.Net Exe)
Extracted files: 13
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: evasion persistence trojan family:njrat
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Modifies Windows Firewall
Executes dropped EXE
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments