MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1dc52285b9b9c38bdcfd347559f64b0de7394a8f66714e3b9148216fc91a411. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 4



SHA256 hash: c1dc52285b9b9c38bdcfd347559f64b0de7394a8f66714e3b9148216fc91a411
SHA3-384 hash: b312010cf1916c2eab7cc324da17ba9b91e330cf29aa5c8b6c6df0f5eb2725c1c79bcbb6898cd495b18c905141e21478
SHA1 hash: 9a7e00f7e4a9760f9f3d5035c3025b9bc4bf2fb7
MD5 hash: e9ac84ab8a59a41825036b5ae7b3468d
humanhash: alaska-wisconsin-winter-triple
File name: c1dc52285b9b9c38bdcfd347559f64b0de7394a8f66714e3b9148216fc91a411
Signature: njrat
File size: 1'079'296 bytes
First seen: 2020-06-17 09:03:16 UTC
Last seen: 2020-06-17 09:41:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: bc70c4fa605f17c85050b7c7b6d42e44 (15 x njrat, 12 x RedLineStealer, 10 x AgentTesla)
ssdeep: 24576:6QnbyeF26L61uA6yC9BOVDs4vTvMSq+FO5BL1Cly9kXCjyn3aw:6QnOG2w66v9URs1eO5d1Ay9kXC
Threatray: 73 similar samples on MalwareBazaar
TLSH: 0A351203A6E90266FAF61BF11CFA13931E3B7D819974924F270269DD5C72E44EA30B17
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 2
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-06-08 03:30:09 UTC
File Type: PE (Exe)
Extracted files: 42
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: trojan family:njrat persistence evasion
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments