MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9d43f3164fba1aceb44777a7e89de0d62ef5f196ae713effcc8a893eff20e5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d9d43f3164fba1aceb44777a7e89de0d62ef5f196ae713effcc8a893eff20e5f
SHA3-384 hash: 750c8fe4fd1e65ca1cedc9d2518e6157beca1dd820a1393a7345385d1ba4e452885f53c0e00a262332361ba7cc4e132f
SHA1 hash: ac030911059aaa1f0b76cf3df9a49ae5a18121be
MD5 hash: 67cef343e6e4b4a69dc7ff2e1e84c382
humanhash: monkey-massachusetts-robert-fifteen
File name:YLBs5GCU.exe
Download: download sample
Signature njrat
Create hunting rule
File size:80'896 bytes
First seen:2020-03-18 17:06:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 1536:81pf+R5h9DphS5wpOk3JCK6pFoqXV6fOpd/9nEh9TGHJd4RF:vQwpOk5CK6gO/9ESpd4z
Threatray 30 similar samples on MalwareBazaar
TLSH 3C83294873F44A11E1BF0EB5897292221B36FC075D26F66D09D174AA5FB36C08A19FB3
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/YLBs5GCU

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.B-468
Create hunting rule

Win.Trojan.Bladabindi-6192388-0
Create hunting rule

Win.Trojan.Generic-6417450-0
Create hunting rule

Win.Trojan.Generic-6454614-0
Create hunting rule

Win.Trojan.Generic-6454615-0
Create hunting rule

Win.Packed.Barys-6880522-0
Create hunting rule

Win.Dropper.njRAT-7436651-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-19 03:56:18 UTC
AV detection:
35 of 45 (77.78%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3hkd6mle7oq2z22eo55h5co6bvro6xyznltrh374zcujh37sbzpq._file
Verdict:
malicious
Similar samples:
1d1db9028a99d5ccfd2e898e61dd4c0fbd2b363934f0623aa9503280fa3229a9
njrat
208a8cfdd915e43d58459d4e082efbbf58c649933c09c18c52bc95d34f9725ce
njrat
3b9f555888df6326a6a0c7dd2c2c1c2d78bbb969c1b7d40ea0d0e9679a06bbc5
njrat
62e099194f9f946b0c0dd4c474c862dadb605101b87dc2eb7b8e43f6510ae3d1
njrat
650d7694ca81aa2e509dff3bc7811494ca67eaf9c9946e3834961a9f136c0dcf
njrat
69fe5bb4b975f9437b6c3bcf3f07dc807a8f2e848f1e0c5802012295b06a742c
njrat
a738551436373cba8cfb85daf742426c8374a6c2384035c7c64a71d039308df0
njrat
bf0452ef3eb6c2e6f2ea84b2bf649a024f6190b0baae26e21c9790820171581f
njrat
c530a21d1704688f69168de95d24fbf2060fdcb4b7afcc0fda9035906a8c565d
njrat
ce66906eb9b0e76d2b0e9b313e84c543412ae3ab598e57dce0b913759946254e
njrat
+ 20 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d9d43f3164fba1aceb44777a7e89de0d62ef5f196ae713effcc8a893eff20e5f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/YLBs5GCU

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments