MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ac3c60303143b7484d2f4217b3d7eb92d83d13b8c1f8055ba5b08b3cd2993f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ac3c60303143b7484d2f4217b3d7eb92d83d13b8c1f8055ba5b08b3cd2993f3
SHA3-384 hash: a15c7dc0943d8234fef96ba6bb5ed1ba15e9b1b51a851ec011bfd00c059b6f85f15b2a26fb499ee6aa83b201d8fa8a1c
SHA1 hash: ccec869dff62d0c786ddacc325c8ce3d31e0782a
MD5 hash: 4f20fc6a6baf95c99a6ad1505bef532f
humanhash: alpha-alanine-alanine-thirteen
File name:02_out.exe
Download: download sample
Signature njrat
Create hunting rule
File size:32'768 bytes
First seen:2020-06-06 18:32:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 384:YCbP3tSX6vBq7lazgE4k+Q6LJy5Q1Q0YtQWTItebrOFeqzCrl:NS6vBqMzekrkJ369rdl
Threatray 30 similar samples on MalwareBazaar
TLSH 0CE2194777B58115C2ED56F88DB3132447B1E3438532EB6F9CEC84DA8BA37E44242AE9
Reporter Racco42
Tags:exe NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.njRAT-7445143-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 18:34:05 UTC
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=llb4maydcq5xjbgs6qqxwpl6xewyhuj3rqpyavn2lmelhtjjspzq._file
Verdict:
suspicious
Similar samples:
0e2821a2518ddfba5c461b6ebcd30d0226c92cfbf9bc31d1b848502dc0fb89df
njrat
62883e8f83fcbbfb535c5dbef62be7d671b3513540f15b8b1d293a5fc9ea79b1
njrat
7dccbba3dd0e7a899a0cfc01bbf1d7625fcc06f1704be9231782cfc9bccc6b73
njrat
812464aa0dfc28db563abf6f12caba88f4c8998ad5813741b781c3ddbcba1eaf
njrat
83456f70dec6de88075e8f81f212d4d0798f3dd42e37838c6d824cfd5bf2fa67
njrat
ac9585a2b073ae83bd5447fa7be6aecd242a4b70c024bd200fd691c763878fe1
njrat
ad4c7342f0394336560063d9ea2d53c4e39dd280e776b69a9f0fb1364126dab0
njrat
be2600ebccd8ec339463b7927783c0465f3cdb2979663478619073b9e1773db0
njrat
c15f6e03c6b986559b44e903fe1cc13c266f50b41fac7bf8b059195c3319dd2c
njrat
e8ea3c240a7dc0081189f35e73a4f74ba329c1afd98d9153fc273569f14e3a80
njrat
+ 20 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sh6dy3lmas/
Behaviour
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments