MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 030cd4cdbd815e8319eb343efb96d996c81e0e563aa0dfcbd2bb4a120fbaeb63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 030cd4cdbd815e8319eb343efb96d996c81e0e563aa0dfcbd2bb4a120fbaeb63
SHA3-384 hash: 3996963fe17f15b4ed7c028a14bd65ba180746576dcc14b802911df5cf50dc54cabde1eb441e88175655e28dfd5a6a91
SHA1 hash: 72fe853d8ef8d9130f599757934024e0b17f9d39
MD5 hash: fc65aa78c3d7ef430e8e3c2b01b91dd1
humanhash: winter-ten-ack-aspen
File name:45(1).exe
Download: download sample
Signature njrat
Create hunting rule
File size:278'016 bytes
First seen:2021-05-06 14:05:46 UTC
Last seen:2021-05-06 15:20:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 3072:PuZqRpCnyublZ2RXxfg6/xr+VBFaI1YIYiheeeeeeeeefYDeOiClppeppOpplppZ:GZOpcjBZ2RXxfVZrMBgkSOG9iO2RK
Threatray 242 similar samples on MalwareBazaar
TLSH 0744F7CD3216B4DFC95784B1BD52DC7CD733A87A930BA207647326ADD66D0AB9B100E2
Reporter starsSk87264403
Tags:NjRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
146
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/151662/
Detection(s):
SecuriteInfo.com.Variant.Ursu.785404.23615.25088.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Njrat
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/716418
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Njrat
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/030cd4cdbd815e8319eb343efb96d996c81e0e563aa0dfcbd2bb4a120fbaeb63/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2021-04-18 23:37:02 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=amgnjtn5qfpiggplgq7pxfwzs3eb4dswhkqn7s6sxnfbed525nrq._file
Verdict:
malicious
Similar samples:
0d02dcf0e19e572698e38df75c6e01bab4a26e4a5c76647c6b98e5db2c612ae0
njrat
41efc16c24de6ee0b2ef7532958b5413796c18c87729b7c6114e371ab24e5bd0
njrat
47c0dafcb3c519deda7ad05c29d4df6d38d3d701a48bc0e071a4ae66a0a99a09
njrat
5176fa6f4f5ae41f1c9b066d0b746e5002b3dbdaf8aa2ce6aa19e1cd630553c8
njrat
5ab3356b442f26bcaf9162a636f3ff366aea3af4031efdf46cc800830d95a84d
njrat
6725a43f27f9a66bc142e0801bc1cd11e5dea9855f65c7dcde1db498f4d81afd
njrat
950a7326c17a7d8d5eefd99b7df2771f6fd3a5a4942ec2f25252c73e02deecf0
njrat
a634299f73b65280d2005c8d44a63cb28c4068d9c9ac6b29ba5052f0046d291f
njrat
b31273c0535133d8ae04fc5e881bef7e6471f6de899c88fad93b8e74326d07bd
njrat
e8abface742626067362604348ae06cdbd161a3f148e085e6a9c053bf694e332
njrat
+ 232 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210506-yzzhv7e44x/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
030cd4cdbd815e8319eb343efb96d996c81e0e563aa0dfcbd2bb4a120fbaeb63
MD5 hash:
fc65aa78c3d7ef430e8e3c2b01b91dd1
SHA1 hash:
72fe853d8ef8d9130f599757934024e0b17f9d39
Link:
https://www.unpac.me/results/e1544a71-6c38-45f9-9e2b-cae318059102/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
NJRat
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/030cd4cdbd815e8319eb343efb96d996c81e0e563aa0dfcbd2bb4a120fbaeb63

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

njrat

Executable exe 030cd4cdbd815e8319eb343efb96d996c81e0e563aa0dfcbd2bb4a120fbaeb63

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1194999/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/151662/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-06 16:38:36 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [F0001.009] Anti-Behavioral Analysis::Confuser