MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 273cd3f58fa14eac2a1a36d9d78fa1b75e7c0d50106683e74f9d162f5209e1b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 273cd3f58fa14eac2a1a36d9d78fa1b75e7c0d50106683e74f9d162f5209e1b5
SHA3-384 hash: de01bfd0651f6fe43bb3d866278243890d7a86d4171491b4cc7ae1d58a0253721cd48d3e5af281c57bbad1028e41aebb
SHA1 hash: 06eafe3a0f2ccf8079c4a8c907d6fb270a7a3f1b
MD5 hash: d09e0ec889d577f726364bc9ce2acdf4
humanhash: washington-monkey-july-two
File name:273cd3f58fa14eac2a1a36d9d78fa1b75e7c0d50106683e74f9d162f5209e1b5
Download: download sample
Signature njrat
Create hunting rule
File size:82'944 bytes
First seen:2020-06-17 09:36:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 1536:CdzRFHqFHI6SoJHxUwoao9D2zqD3iryQKDV:CddsFrywo4zqbGyQKx
Threatray 85 similar samples on MalwareBazaar
TLSH 5583D09C37F48B35CCAE67B6888B50854730D62AB913CFE78CE141EE4C57B852E11A4B
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/19448/
Detection(s):
SecuriteInfo.com.Variant.Adware.BrowseFox.62.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2015-04-26 22:25:59 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2349240bbb67cb6b51d03eee0e68060f8c1bf067c4845cf48e00cd0a9eeadeed
njrat
37b6577e7f69894856dc04164545dd03abca3914018a24cb45f2c07f9909189a
njrat
3823b2ac7444188f31b0e9990ecb3120084180af9fe5e5a30b5af83b91290a34
njrat
5bc296dfe287bdb6984000b8af4d8647fdcb42b22b521264e7ea14a74ac05975
njrat
5c0435e674c08de5bfb78dbfdf4e01716a91780c4197bec1b3c3309361352058
njrat
7aea54e5a7af3c0486ca05606e29416b4bae058d6ca16e06afe2d57a9da90838
njrat
7ca8232e7c1412239e7ae183a33a8546097b37a1ca2fd03d068472f6ad7021c6
njrat
93d94861c9feb7b9fca386254d8ab5637cf78e4145527753fdafe7346d28fbe3
njrat
95ee17e9b0fc2ca63405fe3e16c6b0e23c5d5f894262b02a296f973c72fb5a28
njrat
c85ff24372320b72baa0652814e4288eeb120f94c98e50f59a90a706bf720b1a
njrat
+ 75 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
evasion persistence trojan family:njrat
Link:
https://tria.ge/reports/200624-289z7js8de/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19448/

Comments