MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17227b4ae81515ead8350f27fd385732d18bb83ef3079940fbffd0fe3621f8da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 17227b4ae81515ead8350f27fd385732d18bb83ef3079940fbffd0fe3621f8da
SHA3-384 hash: aa8999706e6a2e894c6b822ba2fcf8039170af0861b964225209b996f3aa1ede7a27d8db2b819f525aba9f1a0e05ccf2
SHA1 hash: 7269f2414c5802f44795ee1f3b118fed34f1ab35
MD5 hash: bf867948eb4e9830f4278f2f117b7ec9
humanhash: apart-ink-washington-carbon
File name:cb7FEf3M.exe
Download: download sample
Signature njrat
Create hunting rule
File size:29'184 bytes
First seen:2020-03-30 13:01:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 384:NK7Qn4H78+iHaVvWNEtD5Y+rcCfdmlXpPuZ0Zu/yI0LE2oT3GZTZbiGvxw5kMJB7:j0QaJdZi0fdm5pPY0ZuqI0L63eZb2LV
Threatray 318 similar samples on MalwareBazaar
TLSH 9ED2294D36B60503D1BC5B7099A0931142FE82070C2BEFAF9CD5E8EB0E97BD51669DE4
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/cb7FEf3M

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.B-468
Create hunting rule

Win.Trojan.Ratenjay-1
Create hunting rule

Win.Packed.Bladabindi-7086597-0
Create hunting rule

Win.Packed.Generic-7672854-0
Create hunting rule

Win.Packed.Generic-7672855-0
Create hunting rule

Win.Packed.njRAT-7672853-1
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 13:35:26 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
02df79a95ca91898b809871d3e9efa617146cadd6fb57a97056fb9b6622f62f4
njrat
31a51475efa61899f9136416538b6c0b008131dd8e7cb75aadcd306c66afcb8a
njrat
918f9caeebb7bb5faea1014a288eb2010e07100dd5303aae002368c50dac370f
njrat
9fc7649eec8fc91ad58d27badae903fce1dff83804a830b3606db194c232d653
njrat
a42ec09d5fcab03929ce3d0240cbc14f104c357c930fb2843521071df4827366
njrat
ac937327e25a96c0b3c79dfe0e8467444c87691910e0d90d89c81c9f830b0b02
njrat
b748c37f14082e151acc4c6677f19cdcd2cd26b6a8c7d6e768a090e8aecbb698
njrat
dbfb2fb740f0e4b05acc6074c798e65a6aa5ff8c9a8b7bed8f640aa1cd4153c7
njrat
dca1d9c848c823c2a06e7e4108c0b89c91b4f08a0909c91e537a060eba25b788
njrat
ece291548741cfa88e0924aecf93cb1fbff986e8e7f5eecf222c01004fff2670
njrat
+ 308 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/cb7FEf3M

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments