MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 285dcd9b0932523c95f28a8373a0018d44c9a9401d3ab410132a13642d8c59ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 285dcd9b0932523c95f28a8373a0018d44c9a9401d3ab410132a13642d8c59ef
SHA3-384 hash: 8e8ab58c05b0ef91c75966bbddfbf11e26602e166918ee01e0ed0580b7b370c925f3a789b7f7e7c8039e5ffc9d262c31
SHA1 hash: cb0d35e9e06474df15b3b161209e1216d2e51c1e
MD5 hash: 2d8bdf0e315947402dc5415d70823b8b
humanhash: lamp-delaware-uniform-happy
File name:pDSVfmkL.exe
Download: download sample
Signature njrat
Create hunting rule
File size:32'768 bytes
First seen:2020-03-30 07:49:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'751 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 384:xu5it506mgTEkJsipdvE8mbf1N19FPIgqT6G9lD4odg9TdFpyFEIGsJjwE7UMcrc:YW0MdvqvEuouDbEEIGfRX0+f
Threatray 48 similar samples on MalwareBazaar
TLSH BCE2084CB6E38154D07D44B785A6E32117B4E16B5323E26FCED968E22F671CC8A88DE1
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/pDSVfmkL

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Ratenjay-1
Create hunting rule

Win.Trojan.Bladabindi-6192388-0
Create hunting rule

Win.Trojan.Generic-6417450-0
Create hunting rule

Win.Trojan.Generic-6454614-0
Create hunting rule

Win.Trojan.Generic-6454615-0
Create hunting rule

Win.Dropper.njRAT-7436651-0
Create hunting rule

Win.Packed.njRAT-7672853-1
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 08:35:28 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
27 of 30 (90.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fbo43gyjgjjdzfpsrkbxhiabrvcmtkkadu5lieatfijwilmmlhxq._file
Verdict:
malicious
Similar samples:
0ab3b273902918a617fca743185cdcae29f33be32324e761033038ce9d9ead60
njrat
4bc86416896092dc2a2ba5fce94147525f54cb8752b52c8f9592fc097cd5516b
njrat
90bcf814ca9e14d7bc710495b666ff1be96c7cd02387935d8a4a477d5e56c916
njrat
9f7e36217000449754932b83113336d822e8f76efdb3511e6d3fe14fce2f8612
njrat
b14311ccdbcdcc5ec2345e784989a2f2b1ce0f96410a05bb19dc03b4f7b85544
njrat
b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b
njrat
bfb489d80a74cd5b1763c8752f97c45b4856dd09ed6b1c2ec502a197ce137c83
njrat
c109366180776e966bf583094eb32b88fc86af5eb1400ccce77fea1518f1d164
njrat
e81b5aa4d6cc953a6fa155425f59e90a690dda923fa9d39c4d7570a1e89949dd
njrat
fd8255a1dca219da4d66c0bb5b70fb732501807de13a1e2f07f4baee039a391e
njrat
+ 38 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/pDSVfmkL

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments