MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05a4f37dfd57637fe088ce4c3eb6aa5811f0187f336625d7b6ef19e6eb73dd0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05a4f37dfd57637fe088ce4c3eb6aa5811f0187f336625d7b6ef19e6eb73dd0c
SHA3-384 hash: 9c1fcba97c0b23dbf615a5f10499a055e9874eca2688751626422590c62f0099231bc6183e67281033ed87e72e465454
SHA1 hash: 4b5f067bc715828c6f980c92227c82aa064dc4e4
MD5 hash: 3ef5ca91d5b55a73e5e3d17b154f83ff
humanhash: network-mockingbird-carolina-violet
File name:05a4f37dfd57637fe088ce4c3eb6aa5811f0187f336625d7b6ef19e6eb73dd0c
Download: download sample
Signature njrat
Create hunting rule
File size:124'928 bytes
First seen:2020-06-10 11:43:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 1536:wapsJlx8+pl6WiwGBOVkvs80OrErdJJuF4iz6SYgvmcPUSomie:waeJlW+z6oGRE89E1uSizHKrp
Threatray 615 similar samples on MalwareBazaar
TLSH 3BC3650125EA387AD07B8E712BF5FEF1CAFCE9235507E27A1480521A4736B43A84D5F6
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Agent-8015107-0
Create hunting rule

Win.Packed.Ursu-8015308-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 03:06:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
13
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=awspg7p5k5rx7yeizzgd5nvklai7agd7gntclv5w54m6n23t3uga._file
Verdict:
malicious
Similar samples:
04e5c465f8681e4304b463790bc5a91ba211275fcab82083289d2b2e66ad656e
njrat
079a2a4be6a17ac3dbf734be79538047c1b06302184be7cf08fde01112d0b974
njrat
2a9a508675ddc595e04e01f996dbc2ddeaf5efd0fb0ef494646f341ea6930c15
njrat
51c8e10c77c9f131b207be4bff0e37a09cf4f24b3b941416ae22bc438d1730c4
njrat
7c267f393664ccc38c7a4fb521587e77db7fc7e3a157a9ef5c19783f03a67c76
njrat
839fed416da07d973bd32504c2d27f69abf4a559d168393564fe2a39385f734f
njrat
a949a372d364a5043427eb1577c008168da96d8aaf6384169324c6826d579e2f
njrat
b12734ce0e16f6c1f861e4bf0396ea6775f5588359bea2643e5716b5f6466c06
njrat
bd6f57de76732dbf244fb5efd8b53104b35c8b9fb5c3c99cc5ee2d0edd7d1f66
njrat
fa5f5817b08add918117f89e06e53abea40fcda0ae3ae588622f9c1a73202cae
njrat
+ 605 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-nmajzadlv2/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Drops file in Windows directory
Drops desktop.ini file(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments