MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 0a613705ceebf383ab71a0737b60833fa0e89c22d775c1d6cca04a926e88ca29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
njrat
Vendor detections: 16
| SHA256 hash: | 0a613705ceebf383ab71a0737b60833fa0e89c22d775c1d6cca04a926e88ca29 |
|---|---|
| SHA3-384 hash: | cf1fd89e0650db52e041d14b7adc82ba01d6c3feb261707962b3d4424edfe50c5f5779987eeda5975a45518de37c07c1 |
| SHA1 hash: | 2447f0231aed18aa1e668da90732be6eec19e6fb |
| MD5 hash: | a47c3def2f2ceaeb3e84a57a37580f42 |
| humanhash: | aspen-pennsylvania-fifteen-pluto |
| File name: | a47c3def2f2ceaeb3e84a57a37580f42.exe |
| Signature | njrat |
| File size: | 5'721'018 bytes |
| First seen: | 2023-12-19 21:10:07 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 75e9596d74d063246ba6f3ac7c5369a0 (8 x DCRat, 5 x PythonStealer, 4 x CoinMiner) |
| ssdeep | 98304:BsdgRz4ibgVk87HKPpWDgal8oE5LcUD5ckGfU/epF4ID+RePRl:5NbgVk0HKPpU9a5glkGc/exiir |
| Threatray | 1'411 similar samples on MalwareBazaar |
| TLSH | T19F463339B8C5D073F112263E0F38CA0754BABC492B520AC77789233D6B6D6C7AB35956 |
| TrID | 68.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19) 12.5% (.EXE) Win64 Executable (generic) (10523/12/4) 6.0% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.3% (.EXE) Win32 Executable (generic) (4505/5/1) 2.4% (.EXE) OS/2 Executable (generic) (2029/13) |
| File icon (PE): | |
| dhash icon | d4a28e8e96b4b292 (1 x njrat) |
| Reporter | |
| Tags: | exe NjRAT RAT |
Intelligence
File Origin
# of uploads :
1
# of downloads :
384
Origin country :
NL
Vendor Threat Intelligence
Malware family:
njrat
ID:
1
File name:
HitmanPro.exe
Verdict:
Malicious activity
Analysis date:
2023-12-13 20:26:15 UTC
Tags:
rat njrat bladabindi remote
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Searching for the window
Creating a window
Creating synchronization primitives
Searching for synchronization primitives
Creating a file
Creating a process from a recently created file
Verdict:
Suspicious
Threat level:
5/10
Confidence:
100%
Tags:
anti-vm bladabindi installer lolbin overlay packed setupapi sfx shdocvw shell32
Verdict:
Malicious
Labeled as:
Trojan.Generic
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Result
Threat name:
Njrat
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Antivirus detection for dropped file
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Njrat
Behaviour
Behavior Graph:
Score:
99%
Verdict:
Malware
File Type:
PE
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Status:
Malicious
First seen:
2023-12-13 23:31:17 UTC
File Type:
PE (Exe)
Extracted files:
138
AV detection:
20 of 37 (54.05%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Label(s):
njrat
Similar samples:
+ 1'401 additional samples on MalwareBazaar
Result
Malware family:
njrat
Score:
10/10
Tags:
family:njrat botnet:war_11 botnet:war_12 botnet:war_13 botnet:war_14 botnet:war_15 botnet:war_16 botnet:war_17 botnet:war_18 botnet:war_19 botnet:war_5 botnet:war_6 botnet:war_7 evasion trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Modifies Windows Firewall
njRAT/Bladabindi
Malware Config
C2 Extraction:
5.tcp.eu.ngrok.io:13064
Unpacked files
Malware family:
njRAT
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.