MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8d830e69afacfd57973b41a3a9f85aa7026ca93b829098b1d82b718c4df3761. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 3



SHA256 hash: b8d830e69afacfd57973b41a3a9f85aa7026ca93b829098b1d82b718c4df3761
SHA3-384 hash: de8d89611b840bf55439da9761c6c094efc691a5f77c29a5b5a45c41c026a447d8bdc02d44190ac09949b108db3f2222
SHA1 hash: e7b679489e39989cdca7180d95d05c316b95f92b
MD5 hash: f43f934368954e29929de2b45dbf60bd
humanhash: social-cup-burger-louisiana
File name: 80b49164d05519f4b0ab83c4cf4d4aa5
Signature: njrat
File size: 14'618'659 bytes
First seen: 2020-11-17 11:24:38 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b41dd3d4e1dbc3e69775db36ed00fe8d (4 x njrat)
ssdeep: 393216:JFC5dfFZ8R3oEAeVc4i7Ht7H7J8fa12xZrZlwg7Z:Jgrb8R3oEs4QABbbrZ
Threatray: 2 similar samples on MalwareBazaar
TLSH: 19E622613BD6803BE17F0B30196DD69AD575B9607FB3889BA3C81B2D1E708924531EB3
Reporter: seifreed
Tags: NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Creating a file in the %temp% directory
Deleting a recently created file
Sending a UDP request
Launching a process
Result
Verdict: 0
Threat name: ByteCode-MSIL.Trojan.Zusy
Status: Malicious
First seen: 2020-11-17 11:25:20 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates connected drives
JavaScript code in executable
Loads dropped DLL
Unpacked files
SHA256 hash: b8d830e69afacfd57973b41a3a9f85aa7026ca93b829098b1d82b718c4df3761
MD5 hash: f43f934368954e29929de2b45dbf60bd
SHA1 hash: e7b679489e39989cdca7180d95d05c316b95f92b
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
