MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 048cc9b5192aaf602f1c1cb21caf8b5c8e96b8f51f32ff010dbc7e669d5f856d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 048cc9b5192aaf602f1c1cb21caf8b5c8e96b8f51f32ff010dbc7e669d5f856d
SHA3-384 hash: e92e4d9b00917e1674390340aa62f9b672a34c5ecfb0a6416bd52b09ca130673f74365dc401a66c71fb4191e48b68e92
SHA1 hash: a48c8674a250ef475f82a896313b539224a36038
MD5 hash: d5fabe4eb05d90bb9195ace569e36d48
humanhash: arizona-wolfram-massachusetts-march
File name:SecuriteInfo.com.LuheFihaA.800.13705
Download: download sample
Signature njrat
Create hunting rule
File size:796'160 bytes
First seen:2020-07-13 19:13:17 UTC
Last seen:2020-08-02 07:34:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'660 x AgentTesla, 19'470 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:fBLL/nA9WB5+cXNIwt7tpWs1WcpvF2o6TAoqmDGclo:tL7ucHoQJpTT
TLSH 5B05A56A27595813D76D827C35D2EC0BF6448CD22A5C6ECB06837FC9DE72671E086C2E
Reporter SecuriteInfoCom
Tags:NjRAT

Intelligence

File Origin
# of uploads :
3
# of downloads :
297
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/25517/
Detection(s):
SecuriteInfo.com.LuheFihaA.800.13705.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% directory
Creating a process from a recently created file
Creating a process with a hidden window
Creating a window
DNS request
Launching the process to change the firewall settings
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun with Startup directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/048cc9b5192aaf602f1c1cb21caf8b5c8e96b8f51f32ff010dbc7e669d5f856d/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2018-02-12 17:03:54 UTC
File Type:
PE (.Net Exe)
Extracted files:
54
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=asgmtnizfkxwaly4dszbzl4llshjnohvd4zp6ainxr7gnhk7qvwq._file
Verdict:
unknown
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
evasion persistence trojan family:njrat
Link:
https://tria.ge/reports/200713-bfchl83nd2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Adds Run entry to start application
Drops startup file
Loads dropped DLL
Modifies Windows Firewall
Executes dropped EXE
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

njrat

Executable exe 048cc9b5192aaf602f1c1cb21caf8b5c8e96b8f51f32ff010dbc7e669d5f856d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/412490/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/25517/

Comments