MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a613705ceebf383ab71a0737b60833fa0e89c22d775c1d6cca04a926e88ca29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat
Vendor detections: 16

SHA256 hash: 0a613705ceebf383ab71a0737b60833fa0e89c22d775c1d6cca04a926e88ca29
SHA3-384 hash: cf1fd89e0650db52e041d14b7adc82ba01d6c3feb261707962b3d4424edfe50c5f5779987eeda5975a45518de37c07c1
SHA1 hash: 2447f0231aed18aa1e668da90732be6eec19e6fb
MD5 hash: a47c3def2f2ceaeb3e84a57a37580f42
humanhash: aspen-pennsylvania-fifteen-pluto
File name: a47c3def2f2ceaeb3e84a57a37580f42.exe
Signature: njrat
File size: 5'721'018 bytes
First seen: 2023-12-19 21:10:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 75e9596d74d063246ba6f3ac7c5369a0 (8 x DCRat, 5 x PythonStealer, 4 x CoinMiner)
ssdeep: 98304:BsdgRz4ibgVk87HKPpWDgal8oE5LcUD5ckGfU/epF4ID+RePRl:5NbgVk0HKPpU9a5glkGc/exiir
Threatray: 1'411 similar samples on MalwareBazaar
TLSH: T19F463339B8C5D073F112263E0F38CA0754BABC492B520AC77789233D6B6D6C7AB35956
TrID:
  68.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
  12.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  6.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
  5.3% (.EXE) Win32 Executable (generic) (4505/5/1)
  2.4% (.EXE) OS/2 Executable (generic) (2029/13)
dhash icon: d4a28e8e96b4b292 (1 x njrat)
Reporter: abuse_ch
Tags: exe NjRAT RAT


abuse_ch
njrat C2:
3.67.161.133:13064

Intelligence


File Origin
# of uploads: 1
# of downloads: 384
Origin country: NL
Vendor Threat Intelligence
Malware family:
ID: 1
File name: HitmanPro.exe
Verdict: Malicious activity
Analysis date: 2023-12-13 20:26:15 UTC
Tags: rat njrat bladabindi remote

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Searching for the window
Creating a window
Creating synchronization primitives
Searching for synchronization primitives
Creating a file
Creating a process from a recently created file
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-vm bladabindi installer lolbin overlay packed setupapi sfx shdocvw shell32
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Antivirus detection for dropped file
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Njrat
Behaviour
Behavior Graph (ID: 1364787; sample: 2T0Owh6XxO.exe; start date: 19/12/2023; architecture: WINDOWS; score: 100)

Signatures on the submitted sample: Snort IDS alert for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 11 other signatures.

Process tree recovered from the graph (each process drops the listed PE32 file(s) and starts the next one; [AV] marks a process the graph flags with "Multi AV Scanner detection for dropped file"):

- 2T0Owh6XxO.exe
  - drops C:\Users\user\Desktop\cav_installer.exe; starts cav_installer.exe
    - drops C:\Users\user\Desktop\chromodosetup.exe [AV]; starts chromodosetup.exe
      - drops C:\Users\user\Desktop\CocCocSetup.exe [AV]; starts CocCocSetup.exe
        - drops C:\Users\user\Desktop\SignalSetup.exe [AV]; starts SignalSetup.exe
          - drops C:\Users\user\...\adawaresafebrowser.exe [AV]; starts Firefox Setup 115.5.0esr.exe and adawaresafebrowser.exe
            - Firefox Setup 115.5.0esr.exe drops C:\Users\...\avast_secure_browser_setup.exe; starts avast_secure_browser_setup.exe
              - drops C:\Users\user\Desktop\cfw_installer.exe [AV]; starts cfw_installer.exe
                - drops C:\Users\user\Desktop\ccsetup619.exe [AV]; starts ccsetup619.exe
                  - drops C:\Users\...\zafwSetupWeb_158_213_19411.exe, C:\Users\user\Desktop\setup_1.0.5.1360.exe, C:\Users\user\Desktop\rcsetup153.exe and 21 other malicious files [AV]
            - adawaresafebrowser.exe drops C:\Users\...\avg_secure_browser_setup.exe [AV]; starts avg_secure_browser_setup.exe
              - drops C:\Users\user\Desktop\Aol_Shield.exe; starts Aol_Shield.exe
                - drops C:\Users\user\Desktop\icedragonsetup.exe; starts icedragonsetup.exe
                  - drops C:\Users\user\...\ciscomplete_installer.exe; starts ciscomplete_installer.exe
                    - drops C:\Users\user\...\ccleaner_browser_setup.exe [AV]
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2023-12-13 23:31:17 UTC
File Type: PE (Exe)
Extracted files: 138
AV detection: 20 of 37 (54.05%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:njrat botnet:war_11 botnet:war_12 botnet:war_13 botnet:war_14 botnet:war_15 botnet:war_16 botnet:war_17 botnet:war_18 botnet:war_19 botnet:war_5 botnet:war_6 botnet:war_7 evasion trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Modifies Windows Firewall
njRAT/Bladabindi
Malware Config
C2 Extraction: 5.tcp.eu.ngrok.io:13064
Unpacked files
SHA256 hash:
00a81429e8589400a2d8ef1155e044da77d054622a3f99824a8fb18993bd7fe1
MD5 hash:
6ff64156f4611e1217bb75f43aad936a
SHA1 hash:
fc1f6a344c4c7171721c766cf5b94f69c0708c79
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
1acf8316fcb05307c9e4932a21dd83b0e9c23277a547ddf5a29e9585651836a7
MD5 hash:
02ccaacb0ad2babd58527a4747531b9a
SHA1 hash:
f7c08437a78da054e8c8e9099ba3b05502af7b68
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
397ac8dcaa02e72a2213f6f717a2c00bf340e78531dbede9e4ab78aa27f41656
MD5 hash:
778903ffe7a11c54963ec1c535370a22
SHA1 hash:
f38bf1de5ef0ed5658b74013515be8e79031515e
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
cda2fd1ce8c519652e59cd3d36b2bf41335daa6e64f37dc9f25115f2dc11a698
MD5 hash:
a69bcd2fe1333415d1597b20ff7c836a
SHA1 hash:
f030ff8fd5648e1fd6cd5da7d6d7dc4b07a5bc54
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
6c31bfb3c43c6a443cc16a7629c20f4688ccc0b9221041a640b533162d290de6
MD5 hash:
6297a871e381b560e0d1ef9e127318e6
SHA1 hash:
e9f052ed66b8090bf59a8099493ffec1dc12554d
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
aca071c88725b548532ec399a6c876814ca0da4f2895c3c2e1922b9ef8e5c3f8
MD5 hash:
c16e7460d89f6e74fd440c50c1bd4116
SHA1 hash:
e37f83ac2e2aef4367671d9e5af5954dcb9c7bfb
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
a318df7314100be43b9dd03d3bca9fb207f191abff602999329a963be6e6b69b
MD5 hash:
71a2e45e58fae6f3ac27b7c31c372d2f
SHA1 hash:
df911f092129a734ee1bee0cd9c55abf33ff59b0
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
8e922f127b4c94ffad8c90708552897ff2f9f4eb4860276619879fd237809344
MD5 hash:
6055d527148ff232f6f81d4d63871541
SHA1 hash:
c6f54036e8d3f4907ac2870e4a16883bbf78e9bb
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
c52bfa817c99a43ee371a657edfbb2bad522098e1eb8ba9d815e6206378a7944
MD5 hash:
2417b5ef41024806343db87373190af3
SHA1 hash:
c6d58660dc41b82715906220d41f7c65e5a18f35
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
d2a11793eef1ea5ffcf298a14c82ba6a456735e4ec13ad163b5a28ebd043f191
MD5 hash:
fea634c47232d2e1197199e9f4624ad0
SHA1 hash:
bdf48835cf3a386afcf8b7fada0ead218bf3b147
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
a5afa02b2a2b0874ab9fbe52fffb9401ec866f174d39d9b9d57a78ffb2e34202
MD5 hash:
5b5f04410f97804c8c87b76b507a90f8
SHA1 hash:
b9333117099c372b748c88276ebced274e05b627
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
e7015d5b6c4b308156af1ef81e99563d041ab1962d5cdd13f45f4a18c25622d8
MD5 hash:
dae04adfa7baf09058e9445c27a6092b
SHA1 hash:
a5c42283b5e078e55d657e9b8dc95949b868dbae
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
93cca098ce20ebff51fa3ae7d555105757dc183eceffbb6b8d53fd2b711524dc
MD5 hash:
62033aaa41dbd2fc4d207aa8a9ad1f0d
SHA1 hash:
9abd886735f1550133fea167a6b19db07acb237d
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
ff889556e141309f1d382cb4cd6e5cb5bd0196dadd9a2b18a8af14359a4f9fde
MD5 hash:
14eb2b782eab51d7a2421586f0769e8a
SHA1 hash:
8ffcf08a7f760e6b043e4d7b16f2ea7a5367d9aa
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
d67cb6f5f1e4ed0ab40a38cf712dd925ba77b693f3f72d0836e5b5d893e50015
MD5 hash:
d56c803ea3c090cb91ff869c17308b4f
SHA1 hash:
85651a80800ba2939a39f685e4290cb5441852d8
Detections:
MALWARE_Win_NjRAT
SHA256 hash:
4b73a3671bb0979bf367f836191f926ab655e7b95017de7217f2f103c8b1ee32
MD5 hash:
4b443be53272b1f65c7e454e883fa29a
SHA1 hash:
59ab53711dfda26e27516a0b0d575b360194713b
Detections:
win_njrat_w1 win_njrat_g1 MALWARE_Win_NjRAT
SHA256 hash:
0c1dddf001360144e78ce9e120cbb9ca27073fe5a54f482eef0a8eae988dd4a6
MD5 hash:
775171e22a375c3edfe7dfea13b1aa06
SHA1 hash:
4af426888f92aae15e4f81aecbe9bff831d3b79b
Detections:
NjRat win_njrat_w1 win_njrat_g1 MALWARE_Win_NjRAT
SHA256 hash:
ed4560728f36caffbd307eaf032cd58b9eb3718ad316f8827e111f213c46d12f
MD5 hash:
36c38952f1602e8fcadb0113d38a1645
SHA1 hash:
3bd3747449fe8975118fff922b547200d0274405
Detections:
NjRat win_njrat_w1 win_njrat_g1 MALWARE_Win_NjRAT
SHA256 hash:
96e1ee086023d7d6dcb693e9d0f763ba514731a7872f9d27053ef400d05d77e6
MD5 hash:
436ba8c40d3fe6ecb278960731d7d843
SHA1 hash:
34e01ad0e1c12b53069f484c059cdc4dad584150
Detections:
NjRat win_njrat_w1 win_njrat_g1 MALWARE_Win_NjRAT
SHA256 hash:
07adb74f11af70b04020b1c26a5fc412e31d3ad4f6d853e9ba8fc5aa8480423d
MD5 hash:
b6f7107573e9ed404734f8769b1694d4
SHA1 hash:
1caf8bfea6db9aee4476d048a0a711d9aad16259
Detections:
NjRat win_njrat_w1 win_njrat_g1 MALWARE_Win_NjRAT
SHA256 hash:
9cc8f894b0cfdb81f378948d9a496fb5cc12a7624262f04736695c12839dfd24
MD5 hash:
d5945adca0bbff77db42627d27ed5e69
SHA1 hash:
0ffa34633049fed8c033ff25af4e12a217d90092
Detections:
NjRat win_njrat_w1 win_njrat_g1 MALWARE_Win_NjRAT
SHA256 hash:
726dec584729441031c9e160000d5a529ec926e551ea2ee17411ea5cef458645
MD5 hash:
651c9462ba7f94cf29fdd39bfb91310c
SHA1 hash:
083d805668975289ecea4015f89fe84da255270e
Detections:
NjRat win_njrat_w1 win_njrat_g1 MALWARE_Win_NjRAT
SHA256 hash:
62b82d86b57e39832d270c8e2ed2d3618c0eefe990b046a0a3524b35daa0b0b6
MD5 hash:
071ba19bc655b660cc04c2aa4b6f42b4
SHA1 hash:
00705b138b12cbd203be63c197eea95aa5b9212f
Detections:
NjRat win_njrat_w1 win_njrat_g1 MALWARE_Win_NjRAT
SHA256 hash:
0a613705ceebf383ab71a0737b60833fa0e89c22d775c1d6cca04a926e88ca29
MD5 hash:
a47c3def2f2ceaeb3e84a57a37580f42
SHA1 hash:
2447f0231aed18aa1e668da90732be6eec19e6fb
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments