MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f02d06a14d5e83c297271a24f9dad9f28d25e387bc65784077ddc27165290b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 6



SHA256 hash: 1f02d06a14d5e83c297271a24f9dad9f28d25e387bc65784077ddc27165290b5
SHA3-384 hash: f5e782a751c02279c1113948ad5c50d2aef84a9d71c931f13172ea6da461bcc24865ff14dcd6abc6f86903c856cdb449
SHA1 hash: a7e8987ab0961d4e84a90160854e03aec2d7f341
MD5 hash: e2e829a38e70b94aaa1fadb7bbb941b4
humanhash: potato-item-west-timing
File name: 1f02d06a14d5e83c297271a24f9dad9f28d25e387bc65784077ddc27165290b5
Signature: njrat
File size: 3'323'904 bytes
First seen: 2020-06-29 07:09:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: bc70c4fa605f17c85050b7c7b6d42e44 (15 x njrat, 12 x RedLineStealer, 10 x AgentTesla)
ssdeep: 98304:/viz/27qWGq/TzuqCDl2Ptao7jeRK4rMNq:/viq75/Tzuf3KhNq
Threatray: 363 similar samples on MalwareBazaar
TLSH: 47F5334076CC012BC9B113B124FD63872FE8BCB35376974BB0C6529E1C5A491B9B6FA6
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-06-29 04:24:02 UTC
File Type: PE (Exe)
Extracted files: 765
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: persistence evasion trojan family:njrat
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies service
Adds Run entry to start application
Loads dropped DLL
Modifies Windows Firewall
Executes dropped EXE
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments