MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24341732e079b0f3c2eb5b77681c218e8a205e2a02ad5ee52f10838e4e533a25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24341732e079b0f3c2eb5b77681c218e8a205e2a02ad5ee52f10838e4e533a25
SHA3-384 hash: c4f53f5be720a094b572add1a76b9d104fc1e25060c169e1e13536616d63fc71bc83705c36739eea0f925f1e3ed303d7
SHA1 hash: 462baf0d12fa14a9750777dce0aa61afd4226a50
MD5 hash: fc9ad2127cd459cb1a9f401aa4a37f3d
humanhash: violet-thirteen-skylark-december
File name:QyFAwHLZ.exe
Download: download sample
File size:30'208 bytes
First seen:2020-03-30 18:49:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 384:av9H9Hgs7ikJY7aDtFZ7/1VxULgqdI2m8FqXcfLc5IxmyOgy4zEasZyzxobwJTI5:aFSiJ1tz/Tx1R2ml60NLwVJTu7
Threatray 203 similar samples on MalwareBazaar
TLSH ADD24B4437A44727C67F977D4A60916203F5D2038217EE6EDDE8A0EE4EA33944E50EEB
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/QyFAwHLZ

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Zapchast-135
Create hunting rule

Win.Trojan.Agent-395970
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 19:35:28 UTC
File Type:
PE (.Net Exe)
AV detection:
44 of 47 (93.62%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
02745f7d9cf8294ba4589a82fcbffda057138046f7e2c78d5f9fc3f97c07c246
08c0375aa494984e77ec6a082f10b27cf45f7ca08ad1bf2c4c7d4119d41a88af
0940a4a47785174b5a99039f480e9f71c73c049a9e9679a2de6af7a0987c74f4
14c8e3f1f23d16c2c9a4272cd05d00461d27b372cc5f588b4bbfc6102bbed708
1ea43f2b7589f266a7574e987b3a5c80634060fc2d1fe0eae77410c76dea326c
38115c7bdc10cc2981e9ab126d98f5ccab66a4d4d787b90a704ba3823b07fb67
3bcefe2f0fcca74dfd8c6ba243ad3b10dd16fbe27dbb4c2151884f60bf9147d6
6bb9f0ee03144bf2c169895fcfbc131ee7cd739b3ccc1b60864263d2910a0ad0
8d1e4bb75799fd3639d12f2418ae31631e483f8dd9758e1e8ba785c4e7a18a71
ed50de277a436632dd8b90be31a5cc93b60e13c18bf6ba7d008bd528e7f86b28
+ 193 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/QyFAwHLZ

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments