MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7dccbba3dd0e7a899a0cfc01bbf1d7625fcc06f1704be9231782cfc9bccc6b73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7dccbba3dd0e7a899a0cfc01bbf1d7625fcc06f1704be9231782cfc9bccc6b73
SHA3-384 hash: f5bfdd74338aa90bf22cc530ad9dc0564b7d842f128942007821841c11e138bfb94a46cd43d660d793a52f973478aca8
SHA1 hash: d2aa113091282dd0d4c74e9d2a9e11cf228699f1
MD5 hash: 37c156274563f7e94cba0be71f28c7ec
humanhash: michigan-mountain-muppet-xray
File name:8VjSBMpt.exe
Download: download sample
Signature njrat
Create hunting rule
File size:32'768 bytes
First seen:2020-03-31 06:48:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 384:LCbP3tSX6vBq7lazgEwkvQqDpy5Q1Q0YtQWTItebrOFeqzC8d:oS6vBqMzukI8p369rmd
Threatray 28 similar samples on MalwareBazaar
TLSH 0AE21A4777B58115C2ED16F88DB3132147B2D3438532EB6F9CEC84DA8BA37E54242AE9
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/8VjSBMpt

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.njRAT-7445143-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 07:33:21 UTC
File Type:
PE (.Net Exe)
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pxglxi65bz5itgqm7qa3x4oxmjp4ybxrobf6siyxqlh4tpgmnnzq._file
Verdict:
suspicious
Similar samples:
0e2821a2518ddfba5c461b6ebcd30d0226c92cfbf9bc31d1b848502dc0fb89df
njrat
5ac3c60303143b7484d2f4217b3d7eb92d83d13b8c1f8055ba5b08b3cd2993f3
njrat
62883e8f83fcbbfb535c5dbef62be7d671b3513540f15b8b1d293a5fc9ea79b1
njrat
812464aa0dfc28db563abf6f12caba88f4c8998ad5813741b781c3ddbcba1eaf
njrat
83456f70dec6de88075e8f81f212d4d0798f3dd42e37838c6d824cfd5bf2fa67
njrat
ac9585a2b073ae83bd5447fa7be6aecd242a4b70c024bd200fd691c763878fe1
njrat
ad4c7342f0394336560063d9ea2d53c4e39dd280e776b69a9f0fb1364126dab0
njrat
be2600ebccd8ec339463b7927783c0465f3cdb2979663478619073b9e1773db0
njrat
c15f6e03c6b986559b44e903fe1cc13c266f50b41fac7bf8b059195c3319dd2c
njrat
e8ea3c240a7dc0081189f35e73a4f74ba329c1afd98d9153fc273569f14e3a80
njrat
+ 18 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/8VjSBMpt

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments