MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 002a25d22717f4c57eb76e117bf6e2598a3123160e34b4d242b896fe798da967. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 6



SHA256 hash: 002a25d22717f4c57eb76e117bf6e2598a3123160e34b4d242b896fe798da967
SHA3-384 hash: afc75aa282cb0577cdf82f959f7729002222eaafdbff43d9597dbb6d671ee67fc7535d42e8f51254d7ecec274b4bcbcf
SHA1 hash: 0ac176b96d075c1f26c582d576e3c16226dc4f5b
MD5 hash: 20b7d73a3c85521fefaa7674ae182368
humanhash: tennis-magnesium-spring-oscar
File name: a995617a0cf6c473a15a8c034ec78302
Signature: njrat
File size: 1'059'384 bytes
First seen: 2020-11-17 15:43:33 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep: 24576:uIZORhkG8mvnbCbDzJzBGhe1fgE4WSNsH3m3J:GGbDzZ4MR7Gs23J
Threatray: 14 similar samples on MalwareBazaar
TLSH: EB350212BEC088B2D27209366579E775693A7C241F65CA8BB7DC696CBF307C065307A3
Reporter: seifreed
Tags: NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 183
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Enabling the 'hidden' option for files in the %temp% directory
Creating a process from a recently created file
Creating a file
DNS request
Sending a custom TCP request
Creating a process with a hidden window
Creating a window
Unauthorized injection to a recently created process
Launching the process to change the firewall settings
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Connection attempt to an infection source
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-11-17 15:48:34 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Unpacked files
Detections: win_njrat_w1 win_njrat_g1
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
