MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28a118154e80160c5fe697f0cfed554c0cfc4978bc6b2a35b4d0a47244f73bdc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 28a118154e80160c5fe697f0cfed554c0cfc4978bc6b2a35b4d0a47244f73bdc
SHA3-384 hash: 21d336c03c4f36d6f95b3e4e7f19bd6ae060aff06a42df0bbe8ab2ee24b057f71ad73d3608d931f065466a0434fb11cb
SHA1 hash: ebe5c457d7cf6a25b3aa646579018393e020a271
MD5 hash: 2d9dd45d6979573d199e7ba5e5e29f95
humanhash: friend-uncle-arkansas-undress
File name:28a118154e80160c5fe697f0cfed554c0cfc4978bc6b2a35b4d0a47244f73bdc
Download: download sample
Signature njrat
Create hunting rule
File size:8'352'222 bytes
First seen:2020-06-16 09:22:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f3173778f088ce2b56b8257bfe393419 (6 x NetSupport, 1 x njrat, 1 x RedLineStealer)
ssdeep 196608:6OWMMe+QP7z/xJBMCP2DtEkFE8sNy8sAKWrrjdkWCM+5dL:6OWjervFMC2DF4od+mdL
Threatray 396 similar samples on MalwareBazaar
TLSH 3F8633167B8E8530D0A25835C5E1DFB55573FA327AE8E94607A30CDC0E06AD2D862FDB
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/10657/
Detection(s):
Win.Malware.Darkkomet-7436190-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2016-11-19 04:30:10 UTC
File Type:
PE (Exe)
Extracted files:
1027
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fcqrqfkoqalayx7gs7ym73kvjqgpyslyxrvsunnu2csherhxhpoa._file
Verdict:
malicious
Similar samples:
10071b7fc8c1800063e60780b8c00b3c0045feecdb92e08ac45cc057127193dc
njrat
19f763b4199e2bee6affbd7a92bcd07f0234a3351a82a3df0e25ed48af1dc724
njrat
276a602f80ffef482b3387d2d8e9f6b7b71db5344a5ad0d8a5514e3c5ee0948d
njrat
3077055cce808941a7f085363a6b4fbed04a0e9ca6f2af10a4e7afcf69326b06
njrat
5f2ed2da6ce1c85c4eaec50866900fca79f27df2a3013ac416249130527bc96b
njrat
65878cef4e2fdd03c3c08a4070105ebe37c0c0f311679a0c21208ac9f8f7c069
njrat
72fd107044ae159a7a80813fe902a132f12eedd01c63fd9e506cf05e088e7491
njrat
8814e2f63b6df850a5805778f846a6577ab668c79ff822adb90917813acd9ede
njrat
b0fedb5fc4232c07ff1161ddcc830cf11596ba2653cc7cea1d5666b4bab1f276
njrat
bb301ca8c6b4567553fd8d0b7ddb4425109f5cb865bc209569a156260f72f6c7
njrat
+ 386 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
trojan family:njrat discovery evasion persistence
Link:
https://tria.ge/reports/200624-eq69m13j9s/
Behaviour
Suspicious use of WriteProcessMemory
Runs ping.exe
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies service
Checks for installed software on the system
Adds Run entry to start application
Loads dropped DLL
Drops startup file
Modifies Windows Firewall
Executes dropped EXE
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10657/

Comments