MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08da1c7771ae637a3b09d9d636b97d6cefdd1794fe3de4ade9b676188e057370. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 08da1c7771ae637a3b09d9d636b97d6cefdd1794fe3de4ade9b676188e057370
SHA3-384 hash: b07008a8ec7d25f7891b318d7babc697be8d7743e8d6c1640b99122fdee7d9f9e7775131669d330179cd21dcc73203e0
SHA1 hash: 22b4843e40988daed861b0cb1b94e486a7ee065d
MD5 hash: ee1d5ca7d9c9a761aee57cf14b81debd
humanhash: magazine-oklahoma-eight-river
File name:08da1c7771ae637a3b09d9d636b97d6cefdd1794fe3de4ade9b676188e057370
Download: download sample
Signature njrat
Create hunting rule
File size:30'720 bytes
First seen:2020-07-06 07:30:17 UTC
Last seen:2020-07-06 09:06:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 768:AiLlvzGc0ea9iJ/QM58ATaI8s0J2ytvPM5:AiLlvzGiawm+gsM2KvPM5
Threatray 295 similar samples on MalwareBazaar
TLSH A8D2E169A31DD33AD91B827B0CB7278115B563E26C32A92DF4CC81329FE27171AD17B4
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
278
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/21317/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.19548.23569.30352.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a process with a hidden window
DNS request
Connection attempt
Launching the process to change the firewall settings
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/08da1c7771ae637a3b09d9d636b97d6cefdd1794fe3de4ade9b676188e057370/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-27 10:53:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bdnby53rvzrxuoyj3hldnol5ntx52f4u7y66jlpjwz3brdqfonya._file
Verdict:
malicious
Similar samples:
00b11363c9cd9f5e944789c5c8c8f190cb8952e572fcad351c10a0ffe4809765
njrat
139440ea99f0fdb275e96e8b749b64ca0528468f3b243bee6ada39b6db6327ac
njrat
14ba5f94a671a38e16b5166ebca44ddacd6fde3226015676f9c369c992b5d2f8
njrat
21ac08fc21c99e9c3522c3555adc2e54fdada5297deda9f00304694a47e1a9e6
njrat
2b942243439c92b4921032a08567d76c0baff766661083fe8f6a9ab66966926d
njrat
2e71e2197518ae4077d0968f2f666635d9a1f822802aca08f092f488629d900b
njrat
5691aaf1f0f061589f0b1e28b72f25fdd63016ee069156c85cacbe5463cf9dbc
njrat
9a0b8d04aac91f001774fb5c66bc9ad34dcbf1bdddfa487979b513d8e2c23fe4
njrat
af21243da675a515c8e2ca9d00b5628c1201125b1a29d46a9df0cb0b63769942
njrat
b8b65fac514cb8b167eee1426b292e00506d347a5269a17bc76a4c9f28323b98
njrat
+ 285 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion
Link:
https://tria.ge/reports/200706-sz8pmya9zx/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies service
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
Modifies Windows Firewall
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/21317/

Comments