MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f6e992bb9f1e4ba2640df7f5f44036fd70696c9b3f3d7a18562bb28fbf3b0e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1f6e992bb9f1e4ba2640df7f5f44036fd70696c9b3f3d7a18562bb28fbf3b0e2
SHA3-384 hash: b1cbab419fd43fc240d1a594f636eef60071eae02a79493d34d2b21da108efbae5b3437f6a91470ae3b6e3e35a15178e
SHA1 hash: 89f9590ade37b275b68f40d6ec6a85afb4026982
MD5 hash: 70e3896b13db4db7b682f7beb9c00511
humanhash: stream-pluto-red-cup
File name:Convenio de PAgo.exe.bz2
Download: download sample
Signature njrat
Create hunting rule
File size:101'064 bytes
First seen:2020-06-17 05:23:09 UTC
Last seen:Never
File type:
MIME type:application/x-bzip2
ssdeep 3072:ta14OKVT8jdyvjMcDm3oGGw8iAdO229D3L0/:ta11KeAjM6m4m8iAdO20LL0/
TLSH B4A3124604C9A5DBCCD0C1969A7E48CB1ACEB77CB5BE0DC4BD492D789333B80457EA60
Reporter abuse_ch
Tags:bz2 NjRAT Outlook RAT


Avatar
abuse_ch
Malspam distributing njrat:

HELO: NAM10-BN7-obe.outbound.protection.outlook.com
Sending IP: 40.92.40.62
From: roselveth mosquera vargas <roselmos@outlook.com>
Subject: Convenio Arreglo De Pago Comparendos Vencidos.
Attachment: Convenio de PAgo.exe.bz2 (contains "bunzipped")

NjRAT C2:
medallos.duckdns.org:2054 (46.246.80.66)

Intelligence

File Origin
# of uploads :
1
# of downloads :
130
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.gc.5761.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 05:25:05 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=d5xjsk5z6hslujsa357v6radn7lqnfwjwpz5pimfmk5sr67twdra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

njrat

1f6e992bb9f1e4ba2640df7f5f44036fd70696c9b3f3d7a18562bb28fbf3b0e2

(this sample)

njrat

Executable exe 812464aa0dfc28db563abf6f12caba88f4c8998ad5813741b781c3ddbcba1eaf

  
Dropping
MD5 22ae02a0257adbbf653910e99f3cf6cc
  
Dropping
njrat
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 812464aa0dfc28db563abf6f12caba88f4c8998ad5813741b781c3ddbcba1eaf

Comments