MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 282406408e4499b5e5807fbb08409ae8c1456efb75281da653d366dad299d5df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 6



SHA256 hash: 282406408e4499b5e5807fbb08409ae8c1456efb75281da653d366dad299d5df
SHA3-384 hash: eee0acffc3b7478bbd810aca3953964a63da9996bc3f477cc6682a42f481a79f67a3d54e3df03cd22532ab7a08f52ba4
SHA1 hash: 63d649c480680b4b6e22ccd62c63b742f63e62e9
MD5 hash: 21524f784a2b5f98e6cd6256ce83bd13
humanhash: paris-nine-winter-louisiana
File name: 282406408e4499b5e5807fbb08409ae8c1456efb75281da653d366dad299d5df
Signature: njrat
File size: 87'552 bytes
First seen: 2020-06-29 07:47:23 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 768:bEQhRajorj2LC0JYmMKs1U6tc8UqzS+1JKsOAz2gR0IRzFqRajfvZKT6NsQ70h:b1fL2uVmMKP6t/p+aJKNgeSzYR8p2
Threatray: 58 similar samples on MalwareBazaar
TLSH: F083BC1526BF42DEF266DAB22ED4F4F18DEBE631690E72F7254003064719E508FE2279
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2017-12-09 04:00:54 UTC
File Type: PE (.Net Exe)
Extracted files: 7
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: evasion persistence trojan family:njrat
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
