MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 927f575e760758781d405edb7a7a16bd4a8069babb55a4bde1103f235fe0b602. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 5



SHA256 hash: 927f575e760758781d405edb7a7a16bd4a8069babb55a4bde1103f235fe0b602
SHA3-384 hash: d150dc7fdb77481ab5d2d0a9371a19c9998111ff1424ffa95010b3a04dc72fb6bc6ecb203c9e84e7f41527a486dbc587
SHA1 hash: 459da29195371bb734dd3af5b821bd3ce97deae4
MD5 hash: 55ec2d57e3418e6258baf79859c7292e
humanhash: quebec-kitten-video-undress
File name: 927f575e760758781d405edb7a7a16bd4a8069babb55a4bde1103f235fe0b602
Signature njrat
File size: 1'146'880 bytes
First seen: 2020-06-17 09:03:08 UTC
Last seen: 2020-06-17 09:42:10 UTC
File type: Executable exe
MIME type:application/x-dosexec
imphash bc70c4fa605f17c85050b7c7b6d42e44 (15 x njrat, 12 x RedLineStealer, 10 x AgentTesla)
ssdeep 24576:DQ+yeF26L61uA6yC9BOVDs4vTvMSq+FO5BL1Cly9kXCjyn3aQ:DQNG2w66v9URs1eO5d1Ay9kXC
Threatray 73 similar samples on MalwareBazaar
TLSH C0350107D1F80111DCBA97B9DBB6026ABA277CC3852C876ED641358918F99D0E5E073F
Reporter JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 2
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-06-08 03:34:22 UTC
File Type: PE (Exe)
Extracted files: 44
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: persistence evasion trojan family:njrat
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments