MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc705d3e79a256da58d4b181f94212d694b2d7ddfa1650c8883e40adab0e7de5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 4



SHA256 hash: cc705d3e79a256da58d4b181f94212d694b2d7ddfa1650c8883e40adab0e7de5
SHA3-384 hash: 89ff93b5a43a69b2563e1c66b4f387e6f6b4a4918545565a172e4a96040733cec9418ec2c76f0cc9b8d774e46e4f07d7
SHA1 hash: e0e0c94c2e0691e7b47202e27553b2079b71cbee
MD5 hash: 9bdaf25b493665d4f5479b91fc202333
humanhash: mexico-seventeen-hamper-iowa
File name: cc705d3e79a256da58d4b181f94212d694b2d7ddfa1650c8883e40adab0e7de5
Signature: njrat
File size: 52'736 bytes
First seen: 2020-06-10 09:52:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 768:+fdbQLIlx2jUxJPOwseV3vnC4vP2oDsdtP3VAYoB7UbdWiFQ7hyUZh:/FjUxJFsn/x33V9oBobdWiFwy
Threatray: 47 similar samples on MalwareBazaar
TLSH: A133BECEAF828770CA494A77D96B258413B5C60367F3BBA708D862B05EF798D4E43470
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Disfa
Status: Malicious
First seen: 2015-05-25 13:56:00 UTC
File Type: PE (.Net Exe)
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:njrat evasion persistence trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
