MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 809559ef4f0a49166d9dc44908bdc206688523474f58742b12cbd47760b3fdaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
njrat
Vendor detections: 8
| SHA256 hash: | 809559ef4f0a49166d9dc44908bdc206688523474f58742b12cbd47760b3fdaa |
|---|---|
| SHA3-384 hash: | 13794faa4c0d7b1868b3c567584c23a33956fe313063c957c73f45b102e47b1551f26fee95658ab0ea8b677633676256 |
| SHA1 hash: | 577f970e69294c0340cc9a8076cd497275cfee1f |
| MD5 hash: | a055f5078967bf7e03b1bbb006f239b3 |
| humanhash: | river-aspen-september-zebra |
| File name: | 809559ef4f0a49166d9dc44908bdc206688523474f58742b12cbd47760b3fdaa |
| Download: | download sample |
| Signature | njrat |
| File size: | 773'632 bytes |
| First seen: | 2020-11-12 14:13:50 UTC |
| Last seen: | 2024-07-24 18:06:36 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger) |
| ssdeep | 12288:WPZ8hWkW5Zpwf850mSZ8fXHH33XcMW17w7Cf1SCrwQJ6Y9+mLIBCOzWFOK:WPGKT2WMS61SCrww6Y20O |
| Threatray | 7 similar samples on MalwareBazaar |
| TLSH | 1BF4E967FA2565A5CB3E25F3CC7399B883E4C66AAB00FB1F50EA212853721DC97511CC |
| Reporter |  seifreed |
| Tags: | NjRAT |
Intelligence
File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Creating a process with a hidden window
DNS request
Launching the process to change the firewall settings
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Trojan.Zusy
Status:
Malicious
First seen:
2020-11-12 14:15:47 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
unknown
Similar samples:
Result
Malware family:
njrat
Score:
10/10
Tags:
family:njrat evasion persistence trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Adds Run key to start application
Modifies Windows Firewall
njRAT/Bladabindi
Unpacked files
SH256 hash:
809559ef4f0a49166d9dc44908bdc206688523474f58742b12cbd47760b3fdaa
MD5 hash:
a055f5078967bf7e03b1bbb006f239b3
SHA1 hash:
577f970e69294c0340cc9a8076cd497275cfee1f
SH256 hash:
23b3e22bc022d07fa12ac3b9f6e89fc4118943ed4ef2d88316de7da31316e7d3
MD5 hash:
f3509e1117490419f53cc111475f7e80
SHA1 hash:
3b97f59690f24bb3455b861dd91a82f532a39b9d
Detections:
win_njrat_w1
win_njrat_g1
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Tinba
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.