MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48c48f726a9586a076799e229ff5b938e3e4512fa6338963266528f8fa062656. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48c48f726a9586a076799e229ff5b938e3e4512fa6338963266528f8fa062656
SHA3-384 hash: e45b64a0a5f76c8d6ce64829e38b126e6f403bef51fe363d8518f0881d799bb1871943a83e2fa6c8a518248074a2f817
SHA1 hash: c503bbf9bfff14477b513555657220bfcdf7c927
MD5 hash: 4bd69ee2fa85d28d080e93e84d92444f
humanhash: oscar-hamper-apart-carbon
File name:48c48f726a9586a076799e229ff5b938e3e4512fa6338963266528f8fa062656
Download: download sample
Signature njrat
Create hunting rule
File size:105'472 bytes
First seen:2020-06-17 09:34:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 1536:r57qzJkh5iHsBIqGK1i/E3qGkNm43l7wpTPZwqb8EGoX9XSQGbegJB/73Uo:rqJkh4GIqGKw/ACwuSb79XvGF73Uo
Threatray 246 similar samples on MalwareBazaar
TLSH 84A35C4BFB4A4A76C9685737C423566A53F1CC2AF903E76F41EC75304AB66DC84031AE
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.52967.3462.26270.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 00:12:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jdci64tkswdka5tztyrj75nzhdr6iujpuyzysyzgmuupr6qgezla._file
Verdict:
unknown
Similar samples:
044c48fe42178958d8f55e5404e056ff0f1071d865deda9cc42518ab2c87fda7
njrat
21cea3a243809c8cc06412ffd647e4896b35a246cf8c365484e0419477d94b37
njrat
22f131686ed7410f8a34d6762fc7cb2f7d386760b928b25be91eaaf05d92f7f6
njrat
2a46e0846fb5b909da9df065c96a2c482075dac2d57bc5bc02d70954e9c7e7da
njrat
31736a54c77e7f44f952f55536eb4ac6d5863c9ed970a087c0d1cc801a558728
njrat
5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad
njrat
6952d61c1b90bbe292626eddde290f0649ff02beca59738bf0912f6e1491538e
njrat
9970470d471813416b034f776f44ce2d8beda6ff4fa38193bb18b2c450e24326
njrat
c925d43deca61d344a00221f897dbe35175272a0984ffbba675194fe48842b3f
njrat
fb3c47dd39270fe9f683f3c4f12d07cd668039fcbc15a175970a57ff363f7026
njrat
+ 236 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence evasion
Link:
https://tria.ge/reports/200624-19h3k7wfwx/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Modifies service
Adds Run entry to start application
Drops startup file
Executes dropped EXE
Modifies Windows Firewall
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19424/

Comments