MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a0957b5bc93cb34aae0e66277552a7bfbe8431beda2fa42d75eef20a9e2b52b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 6



SHA256 hash: 1a0957b5bc93cb34aae0e66277552a7bfbe8431beda2fa42d75eef20a9e2b52b
SHA3-384 hash: fc3c62c9b46af661ba6b6a09de1af58bc3f275ffee66949e4422b50d2756fc03585a5c001f970936939828fdd7a3a74f
SHA1 hash: 4b7f078817c28c6cb39e61dcb42ae93eb0f08802
MD5 hash: d74b0ae59c1cb94e55a51a282c88eb7c
humanhash: carolina-rugby-romeo-moon
File name: 1a0957b5bc93cb34aae0e66277552a7bfbe8431beda2fa42d75eef20a9e2b52b
Signature: njrat
File size: 449'024 bytes
First seen: 2020-06-17 09:19:27 UTC
Last seen: 2020-06-17 09:42:03 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 3072:uPsaOQ3iReOn2G3PGOOeuYf3vP+OW3jgcCmHzMBPr/IaH2RvrPneuyH+oOmjXKHK:aO
Threatray: 24 similar samples on MalwareBazaar
TLSH: 9FA4E530590466FBB117D37580D318238AD984D9033199EF18644FBF9BA1E6A3D1FBAE
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 2
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Zapchast
Status: Malicious
First seen: 2016-11-17 00:57:00 UTC
File Type: PE (.Net Exe)
Extracted files: 3
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: evasion persistence trojan family:njrat
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
