MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 644e3f15cd7a653087fb7496f311e81ab32f6389d418928d0ad182191bb48104. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	644e3f15cd7a653087fb7496f311e81ab32f6389d418928d0ad182191bb48104
SHA3-384 hash:	dad0a65aaca5f1df24245f9e0695ba1d4173d24626398f9cb04dc73d0db48298e7c483a6f2f08d82cd6db4a573933d8d
SHA1 hash:	15de9d2d8a782b8acc7ec9aa6826dd55a0cb798f
MD5 hash:	ebd7cba68c1604daf37d6f17311ffae9
humanhash:	twelve-missouri-orange-jig
File name:	SecuriteInfo.com.Trojan.KillProc.41518.10122.3887
Download:	download sample
Signature	njrat Create hunting rule
File size:	198'656 bytes
First seen:	2020-07-15 20:49:32 UTC
Last seen:	2020-08-02 07:32:56 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep	3072:9URww5Ap6jsTEJb63Q77N6U4Bla+VNrG5wZ2LSrGdCKwKdW8w:9Oww5AxTvQ7J6UrEiKh
Threatray	8 similar samples on MalwareBazaar
TLSH	30145B3B0397AAA5CF7B06B0E73246D09369DD149116D23D6CF4611ADCB6E3E6EC3281
Reporter	SecuriteInfoCom
Tags:	NjRAT

Intelligence

File Origin

# of uploads :

3

# of downloads :

276

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Njrat

Link:

https://www.capesandbox.com/analysis/26235/

Detection(s):

SecuriteInfo.com.Trojan.KillProc.41518.10122.3887.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Creating a process from a recently created file

Creating a window

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/644e3f15cd7a653087fb7496f311e81ab32f6389d418928d0ad182191bb48104/

Threat name:

ByteCode-MSIL.Backdoor.Bladabhindi

Status:

Malicious

First seen:

2019-12-19 08:55:32 UTC

AV detection:

21 of 26 (80.77%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=mrhd6fonpjstbb73oslpgepidkzs6y4j2qmjfdik2gbbsg5uqeca._file

Verdict:

suspicious

Similar samples:

28a118154e80160c5fe697f0cfed554c0cfc4978bc6b2a35b4d0a47244f73bdc

2fdb85c7a0a29e78f22e3b994c5835178f6b54162f4d72a224d9ac9d40c3b60f

54b35c8b82d20ae8c2cf8204a8a56562364bbca46d434670369c6bd578bdfd6d

5b113b08d25005c3195b8144e422bdd1a2f866fc3cf9d6bc641f006539e97e07

d832b9d26b8e022fb064d68edfcdc6e33a464fdd854f03c58d0e25b5ed9015ed

e91568f40d148d2bdf04cf14156febbbb0d72e10b876c38d0900e0a66cb8706f

f080b66a335bf45b2c6f95f9cf3478f82438d518af26053d093b137b5dd01393

fe7dc35391c88f2001b6637186c2fa677bb5f1a08cfdafcfc95a1e1fc2f026a9

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/200715-p87trmnyb2/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Loads dropped DLL

Executes dropped EXE

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 644e3f15cd7a653087fb7496f311e81ab32f6389d418928d0ad182191bb48104

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/413196/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/26235/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample