MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e74c2ee6af403d13dfe7ff6b11d3f1eb04c177202eb752448640c06db1566ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	0e74c2ee6af403d13dfe7ff6b11d3f1eb04c177202eb752448640c06db1566ec
SHA3-384 hash:	be395494724de482b76bd6131c6e8a1831f1f82c8f842cb5ea759da71758c04cb46f9194a9212e0d09baf4fa20f141a8
SHA1 hash:	2d964efffc2c9111560ed3f78730145bfee0db65
MD5 hash:	37f6d8c060da87442cbf8573823b14bc
humanhash:	bravo-sink-carolina-illinois
File name:	0e74c2ee6af403d13dfe7ff6b11d3f1eb04c177202eb752448640c06db1566ec
Download:	download sample
Signature	njrat Create hunting rule
File size:	249'344 bytes
First seen:	2020-11-15 22:48:13 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	6144:HCsswyZ6yL5dbRc1LF1FA2nKDMdn7ncnCnIRNTrnTnwZtIFTiPnzn/Ck+/nWHcFX:G9iWUpH8Pmow7+EotLJB
Threatray	11 similar samples on MalwareBazaar
TLSH	9934C07C0E966D72C5AC833F8CA73E18A7B8D5181287D3AF0C45E5A26DA37C15A31D87
Reporter	seifreed
Tags:	NjRAT

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Packed.Razy-7334624-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Launching a process

Creating a file

Creating a file in the %temp% directory

Creating a process from a recently created file

Unauthorized injection to a recently created process

Unauthorized injection to a system process

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0e74c2ee6af403d13dfe7ff6b11d3f1eb04c177202eb752448640c06db1566ec/

Threat name:

ByteCode-MSIL.Backdoor.DarkComet

Status:

Malicious

First seen:

2020-11-15 22:49:03 UTC

AV detection:

25 of 28 (89.29%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bz2mf3tk6qb5cpp6p73lchj7d2yeyf3salvxkjcimqganwyvm3wa._file

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://tria.ge/reports/201115-8b5qp1m9la/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

0e74c2ee6af403d13dfe7ff6b11d3f1eb04c177202eb752448640c06db1566ec

MD5 hash:

37f6d8c060da87442cbf8573823b14bc

SHA1 hash:

2d964efffc2c9111560ed3f78730145bfee0db65

Link:

https://www.unpac.me/results/75317c81-0248-4269-902c-c5549763731b/

SH256 hash:

e9c6f1b9acf533a0e28501a8f62ab9758ac327fc64501f079fb7dd3510a86b50

MD5 hash:

7f1932d91c8abfd9c4844f546b8c2ed5

SHA1 hash:

3fa0aeb512a0b99d6cecdbc428294508208104dd

Link:

https://www.unpac.me/results/75317c81-0248-4269-902c-c5549763731b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.98

Link:

https://yomi.yoroi.company/submissions/0e74c2ee6af403d13dfe7ff6b11d3f1eb04c177202eb752448640c06db1566ec

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample