MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 139440ea99f0fdb275e96e8b749b64ca0528468f3b243bee6ada39b6db6327ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 139440ea99f0fdb275e96e8b749b64ca0528468f3b243bee6ada39b6db6327ac
SHA3-384 hash: 681fbfbad0385e945ad772a4fd1e035f08828cedbb6069e411596f42cefa50cdc8de7c28e8bc6f21d77d38cb0fef0509
SHA1 hash: 2448b89504c74150c25430bb85d3dc840c593f64
MD5 hash: 99df1f6ddc920452d982b89958b510c9
humanhash: asparagus-east-cup-aspen
File name:GC1fvedn.exe
Download: download sample
Signature njrat
Create hunting rule
File size:32'768 bytes
First seen:2020-03-31 13:13:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'643 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 384:zLObD1hEqcsm2uLR9y62zRWRB7GpLPCvZi2VICSyz8ckLDOHYCFXPzlpmIMxTZi6:XObD1hEmm2LyxpVvj+mF7K71J
Threatray 621 similar samples on MalwareBazaar
TLSH 94E2F70533AA4703C67D07B90826471647F1CE83453BEB5F0CD9B0ED2DBB7808A826AB
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/GC1fvedn

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.B-468
Create hunting rule

Win.Trojan.Ratenjay-1
Create hunting rule

Win.Trojan.Bladabindi-6192388-0
Create hunting rule

Win.Trojan.Generic-6417450-0
Create hunting rule

Win.Dropper.njRAT-7436651-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 13:35:20 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cokeb2uz6d63e5pjn2fxjg3ezicsqruphmsdx3tk3i43nw3de6wa._file
Verdict:
malicious
Similar samples:
00b11363c9cd9f5e944789c5c8c8f190cb8952e572fcad351c10a0ffe4809765
njrat
14ba5f94a671a38e16b5166ebca44ddacd6fde3226015676f9c369c992b5d2f8
njrat
2b942243439c92b4921032a08567d76c0baff766661083fe8f6a9ab66966926d
njrat
2c46535200a9f6a3e9b5c0553cf2e94f939bf264bf3a29aa92b7c3fb13997287
njrat
2e71e2197518ae4077d0968f2f666635d9a1f822802aca08f092f488629d900b
njrat
5691aaf1f0f061589f0b1e28b72f25fdd63016ee069156c85cacbe5463cf9dbc
njrat
670a68a8f5bcef881c0475c26b29113821ee61a04b60148500318e3eb01cef36
njrat
9a0b8d04aac91f001774fb5c66bc9ad34dcbf1bdddfa487979b513d8e2c23fe4
njrat
af21243da675a515c8e2ca9d00b5628c1201125b1a29d46a9df0cb0b63769942
njrat
b8b65fac514cb8b167eee1426b292e00506d347a5269a17bc76a4c9f28323b98
njrat
+ 611 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/GC1fvedn

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments