MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21ac08fc21c99e9c3522c3555adc2e54fdada5297deda9f00304694a47e1a9e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 21ac08fc21c99e9c3522c3555adc2e54fdada5297deda9f00304694a47e1a9e6
SHA3-384 hash: 0be2a84f26679c437d33a64570441ef0a0ed7be5cc608fb47e48adf7df79273ed748b2dd00774720701e1dc46ca44b4f
SHA1 hash: 59ae1d818424ad6bc5af47642177aa394e9870af
MD5 hash: 223c5f3ca4307c237beb9ec0321ceb07
humanhash: moon-louisiana-beryllium-sodium
File name:21ac08fc21c99e9c3522c3555adc2e54fdada5297deda9f00304694a47e1a9e6
Download: download sample
Signature njrat
Create hunting rule
File size:81'408 bytes
First seen:2020-06-16 09:42:56 UTC
Last seen:2020-06-16 10:51:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 1536:RQZnbZ3cLs83GP+6/xjqhm1SaO7YWwPU5WhBxeCMj3bnCUBGB7:Qblss8f6Km0aOPSO83MjrClB7
Threatray 439 similar samples on MalwareBazaar
TLSH C4835B1272474362C638797685DB312813F0BFCE2B37A6493F4EB25C9A523938E46E4D
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10853/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34027245.25503.2240.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 22:40:32 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=egwar7bbzgpjynjcynkvvxbokt623jjjpxw2t4adaruuur7bvhta._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
00b11363c9cd9f5e944789c5c8c8f190cb8952e572fcad351c10a0ffe4809765
njrat
08da1c7771ae637a3b09d9d636b97d6cefdd1794fe3de4ade9b676188e057370
njrat
0f6ab91e876a548f6434c6be14fa607768a597430b226d586cf428da94ab931c
njrat
19ec45b87d0faf9d142f42ddb2a00c6c92a7522e0a143016d78e237c3a1731c3
njrat
5f45455780932616a1109057e76b4e6ad3444db6371405b96152379ac100767c
njrat
9da009d5ba4d56b1ea8360698a817fe6e321964998ed68ce40d0ce14b4c49762
njrat
a40f7767aa2fd1c3efe1fc0f0178088d1640d1a2fd5b4d4b075f8bbff43ccfd8
njrat
b8b65fac514cb8b167eee1426b292e00506d347a5269a17bc76a4c9f28323b98
njrat
bf5d5c28bec7bdcf41fad771fd465ba6bb9a56e053c9470a6e10293466109d3c
njrat
fadcffc72696cb639334be446d2aeb90743b270276f48b730efbb59b73505a85
njrat
+ 429 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion persistence
Link:
https://tria.ge/reports/200624-1fy34tn6se/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10853/

Comments