MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55788187a18d12723bbba31b170c83008999a405625ea9f5525d6f655ad2d565. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55788187a18d12723bbba31b170c83008999a405625ea9f5525d6f655ad2d565
SHA3-384 hash: b6449941a5fa40084d241d8f5936488d52a055ce4c5f04f73b4fe2b3201e390abb16e2990c247d362e8f7ac5a8186bd1
SHA1 hash: 04acb335bb0019a9ba8024bbdb1e7bb5553ba062
MD5 hash: 8eac73002a68fafcd6d0346c6954c94b
humanhash: island-nuts-speaker-eleven
File name:55788187a18d12723bbba31b170c83008999a405625ea9f5525d6f655ad2d565
Download: download sample
Signature njrat
Create hunting rule
File size:8'332'288 bytes
First seen:2020-11-10 11:09:45 UTC
Last seen:2024-07-24 14:30:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d5d9d937853db8b666bd4b525813d7bd (40 x DCRat, 28 x njrat, 5 x RedLineStealer)
ssdeep 196608:I7P/9NcSdKX8VEwb3y+9Is3/K2CBHpR1FtSeFo38U9cJ81+:oP/9GnerKQCHzCb+P
Threatray 136 similar samples on MalwareBazaar
TLSH 3A8633ACA49B3CF1EA14E83183615F06AF1B36B4CE7799A864463554F39FB701BE1243
Reporter seifreed
Tags:NjRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
Creating a file in the %temp% directory
Creating a file
Enabling the 'hidden' option for files in the %temp% directory
Creating a process with a hidden window
DNS request
Unauthorized injection to a recently created process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Launching the process to change the firewall settings
Connection attempt to an infection source
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55788187a18d12723bbba31b170c83008999a405625ea9f5525d6f655ad2d565/
Threat name:
Win32.Backdoor.DarkComet
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 11:12:39 UTC
AV detection:
38 of 48 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kv4idb5brujheo53umnrodedaceztjafmjpkt5kslvxwkwws2vsq._file
Verdict:
malicious
Similar samples:
153e5b1b4b51f9f27c38a24577764a9873ea08467348b5a2db04f2a13c49e291
njrat
51707360e28aa57ec8a8d7f42bc7c9ffe8969b5d19bf39a700cde35c0e4d3846
njrat
754d17d48af7cfce94b80e05709943f2e4c119a7dde35f34ca0261672236212a
njrat
910a35ca5d26faf9ede6eabdff5d843cc84ee2086e92602c02b4c6fc45613306
njrat
a54b4d3ba528301409e3f5ba27a1d3b3d8bf9ad5d6f0d43354535f98132d980b
njrat
b3a40e1d85f1e1608acf07414a8dea2730c0de0d824bc6165856b8fe00e8ed3d
njrat
e17b626855a99cb900478be588cc73a331bc5a00204b4b97932f0ac6d705d308
njrat
ed34d4eba0bc7d434f32bb9bca0147632592656ddf0c2aa892fbee54b0850ff1
njrat
f7520d43549934d17d63e087a02883c12ef5a48c50d0b503e3c64d51ba32201a
njrat
ffe8dbc4f815fe713c790a19b5122c79d1de9c817f10edf7d86ca297175ce439
njrat
+ 126 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion persistence
Link:
https://tria.ge/reports/201110-6mkggyhgjs/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Modifies service
Adds Run key to start application
Drops startup file
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Modifies Windows Firewall
Unpacked files
SH256 hash:
55788187a18d12723bbba31b170c83008999a405625ea9f5525d6f655ad2d565
MD5 hash:
8eac73002a68fafcd6d0346c6954c94b
SHA1 hash:
04acb335bb0019a9ba8024bbdb1e7bb5553ba062
Link:
https://www.unpac.me/results/4a9b571f-be7f-4d27-bd20-4d8c3b1cc9c7/
SH256 hash:
9343339fadfe0f62d6fd46c6131ed9fdf01978d817192984e69a8bbecfb406d2
MD5 hash:
34960f869aa933675a70c0c7c17addfe
SHA1 hash:
b01ec370b3571d70a2d111f35d5514cc7a18d422
Detections:
win_darkcomet_g0
Create hunting rule
win_darkcomet_auto
Create hunting rule
Link:
https://www.unpac.me/results/4a9b571f-be7f-4d27-bd20-4d8c3b1cc9c7/
Parent samples :
55788187a18d12723bbba31b170c83008999a405625ea9f5525d6f655ad2d565
27db51f010cd9e7f83daf474ba1d78022cf61704fe114552a98d464b08383b38
9343339fadfe0f62d6fd46c6131ed9fdf01978d817192984e69a8bbecfb406d2
8df919d13e79c80c26053c7aa529fc3a0b49c0db77f957b38c49e80e9ffb53a4
SH256 hash:
d0bcce0e808b4602f8bb743a4a0ed875cbab753539fb4ce66269f6cd62729bb5
MD5 hash:
bfc100c6ce09aded3a72d9eaadff4157
SHA1 hash:
b1b3a3ac291907b23fa02bd4e71c2605d535468e
Link:
https://www.unpac.me/results/4a9b571f-be7f-4d27-bd20-4d8c3b1cc9c7/
SH256 hash:
4d5b0bb924898acc5937d9e5c373c11b19f0933e96e3d9a182fe64c683dfa5e5
MD5 hash:
e39e0912ed8f4111b85e7fa8c04cacbc
SHA1 hash:
1f89c439c4c00df08967535e6c52835d3f98cffc
Link:
https://www.unpac.me/results/4a9b571f-be7f-4d27-bd20-4d8c3b1cc9c7/
SH256 hash:
561c24f9d8f8c667558a33ecef1f39cfae88f163f2618496aba96334afc3e9c5
MD5 hash:
caced8edc397df7d4fc63b6f9dc5f2e2
SHA1 hash:
b1ece378faa4f9ee8f384ca53302a0ec5c3d6073
Link:
https://www.unpac.me/results/4a9b571f-be7f-4d27-bd20-4d8c3b1cc9c7/
SH256 hash:
9726b5338ad442af484457875b53125949be30443c32ae30aaa7dca745ebcb35
MD5 hash:
baae76330a8ff174be812a43455ae9e4
SHA1 hash:
240d7d440ef530009fa47489f16a2a28e8404f93
Link:
https://www.unpac.me/results/4a9b571f-be7f-4d27-bd20-4d8c3b1cc9c7/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments