MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 280b405330467eadb74a1ebdf452bbdb0cb777724111d00fea3171271a46ef7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 2



SHA256 hash: 280b405330467eadb74a1ebdf452bbdb0cb777724111d00fea3171271a46ef7d
SHA3-384 hash: 8883210e5287641a442269c18f7ebf7cfe898e5318b18f16b6946ae66f1a085313daa842042c6a84137a298d6404999c
SHA1 hash: 72084cd85da8a2deec4b6e6d2c6a0a48078ea016
MD5 hash: e7317db1442e1a7e55ac2a93768ab17f
humanhash: muppet-neptune-delaware-fifteen
File name: Cliente_factura_de_cobro.001
Signature: njrat
File size: 57'393 bytes
First seen: 2020-05-27 08:12:27 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:zOCy/uUhDzZsIoTSm3HuqN7MEnDpoNcy5UfCDNnWBou86m5AmUPC60U3Aj9C/Uc0:a7uUhuHTSo97MXNJHZXuj9MUQj9qqJr
TLSH: 3A4302D71266CB28DD8361803F5C03E2658D91E7F256F016E3613CD5D21A3A691BF83D
Reporter: abuse_ch
Tags: 001 ESP geo NjRAT Outlook RAT


abuse_ch
Malspam distributing njrat:

HELO: NAM11-DM6-obe.outbound.protection.outlook.com
Sending IP: 40.92.19.47
From: camilo andres perez <abogadosasociados15@outlook.es>
Subject: INVITÁNDOLO A QUE PAGUE SU DEUDA PENDIENTE, EVITE UN PROCESO JURÍDICO.
Attachment: Cliente_factura_de_cobro.001 (contains "Cliente_factura_de_cobro.exe")

NjRAT C2:
demoledor.duckdns.org:2798 (181.52.92.98)

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Tasker
Status: Malicious
First seen: 2020-05-27 08:36:53 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 13 of 30 (43.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

njrat

rar 280b405330467eadb74a1ebdf452bbdb0cb777724111d00fea3171271a46ef7d (this sample)

Dropping: njrat
Delivery method: Distributed via e-mail attachment
