MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 286e54c84b3c8b6bc6c202c9719365c31156c062e90cc1452ef1206f8710e3f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 11

Intelligence 11 IOCs YARA 13 File information Comments

SHA256 hash:	286e54c84b3c8b6bc6c202c9719365c31156c062e90cc1452ef1206f8710e3f9
SHA3-384 hash:	7e119e55cdf58b2e86c50533fbddc8316972a162db159c5aaa709b81460f2e66fb75bfe43ab9421209603129b52a74cf
SHA1 hash:	14abd6a4ba706dab1c35e9c9d8c0c1ec374b213e
MD5 hash:	ad7c5d172b6fe743db4585f420a4265c
humanhash:	fourteen-minnesota-mars-butter
File name:	1729029847909bd6babf7b44250bc69e37cfeb1b1668fcd569b58c775e8e5ded95c7ac3d14184.dat-decoded
Download:	download sample
Signature	njrat Create hunting rule
File size:	181'524 bytes
First seen:	2024-10-15 22:04:08 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	3072:3OFoA4JJET+MuXxbCBBONUG1m2+7i0icmFqYFE:3wVQguXxbkG1mq0ipK
TLSH	T1BD044D176A90502ED86E8DF224B0D6197A729E270F909C1B63AEBB102E7714377F135F
TrID	42.6% (.EXE) Win32 Executable (generic) (4504/4/1) 19.4% (.ICL) Windows Icons Library (generic) (2059/9) 18.9% (.EXE) Generic Win/DOS Executable (2002/3) 18.9% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	abuse_ch
Tags:	base64-decoded exe NjRAT

abuse_ch

Malware dropped as base64 encoded payload

Intelligence

File Origin

# of uploads :

# of downloads :

465

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.29039.UNOFFICIAL

Win.Packed.Bladabindi-7994427-0

Win.Dropper.Nanocore-10030076-0

Win.Trojan.Generic-6417450-0

Win.Trojan.Generic-6454614-0

Win.Trojan.Generic-6454615-0

Win.Trojan.B-468

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=670ee71d1d4ef219fa631d5f

Tags:

Dropper Njrat Micro

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

cmd explorer fingerprint lolbin netsh njrat rat shell32 stealer

Link:

https://www.filescan.io/uploads/670ee7193190377d5774299f/reports/41435649-4632-48d8-a2c5-43a298652932/overview

Verdict:

Malicious

Labled as:

Dacic.D6DFC400.A.Generic

Link:

https://www.hybrid-analysis.com/sample/286e54c84b3c8b6bc6c202c9719365c31156c062e90cc1452ef1206f8710e3f9

Result

Verdict:

MALICIOUS

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/a722ccdf-464a-444c-a3a0-9a4843656ef8

Result

Threat name:

Mofksys, Njrat

Detection:

malicious

Classification:

spre.troj

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1534529

Signature

Malicious sample detected (through community Yara rule)

Yara detected Mofksys

Yara detected Njrat

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/286e54c84b3c8b6bc6c202c9719365c31156c062e90cc1452ef1206f8710e3f9/

Threat name:

DOS.Packed.Dacic

Status:

Malicious

First seen:

2024-10-15 22:05:16 UTC

File Type:

MZ (DOS)

Extracted files:

AV detection:

4 of 38 (10.53%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fbxfjsclhsfwxrwcalexde3fymivnqdc5egmcrjo6eqg7byq4p4q._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/241015-1zhk3azbkg/

Verdict:

Malicious

Tags:

trojan rat njrat

YARA:

Windows_Generic_Threat_7526f106 Windows_Trojan_Njrat_30f3c220 MALWARE_Win_NjRAT

Link:

https://app.threat.zone/submission/bb7e6faf-74c2-4d9a-ad6d-1d32ca65290a

Unpacked files

SH256 hash:

b963ec080651473a6c805fccb0e8a85b3dfc28db6ae46b161a658a360f1277ee

MD5 hash:

661c8e2db5d0f09b47d586204b525e4e

SHA1 hash:

09bf58b8d70d382fe1ff8035ad747827290c7005

Detections:

NjRat

win_njrat_w1

win_njrat_g1

MALWARE_Win_NjRAT

Link:

https://www.unpac.me/results/ae44b428-9053-4713-8799-41148c6d3d32/

SH256 hash:

286e54c84b3c8b6bc6c202c9719365c31156c062e90cc1452ef1206f8710e3f9

MD5 hash:

ad7c5d172b6fe743db4585f420a4265c

SHA1 hash:

14abd6a4ba706dab1c35e9c9d8c0c1ec374b213e

Detections:

NjRat

win_njrat_w1

win_njrat_g1

MALWARE_Win_NjRAT

Link:

https://www.unpac.me/results/ae44b428-9053-4713-8799-41148c6d3d32/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

NJRat

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/286e54c84b3c8b6bc6c202c9719365c31156c062e90cc1452ef1206f8710e3f9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Detect_PowerShell_Obfuscation Create hunting rule
Author:	daniyyell
Description:	Detects obfuscated PowerShell commands commonly used in malicious scripts.

Rule name:	Disable_Defender Create hunting rule
Author:	iam-py-test
Description:	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

Rule name:	MALWARE_Win_NjRAT Create hunting rule
Author:	ditekSHen
Description:	Detects NjRAT / Bladabindi / NjRAT Golden

Rule name:	Mal_WIN_NjRAT_RAT_PE Create hunting rule
Author:	Phatcharadol Thangplub
Description:	Use to detect NjRAT implant.

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	Njrat Create hunting rule
Author:	botherder https://github.com/botherder
Description:	Njrat

Rule name:	SEH__vba Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Windows_Generic_Threat_7526f106 Create hunting rule
Author:	Elastic Security

Rule name:	Windows_Trojan_Njrat_30f3c220 Create hunting rule

Rule name:	Windows_Trojan_Njrat_30f3c220 Create hunting rule
Author:	Elastic Security

Rule name:	win_njrat_w1 Create hunting rule
Author:	Brian Wallace @botnet_hunter <bwall@ballastsecurity.net>
Description:	Identify njRat

File information

The table below shows additional information about this malware sample such as delivery method and external references.

909bd6babf7b44250bc69e37cfeb1b1668fcd569b58c775e8e5ded95c7ac3d14

njrat

exe 286e54c84b3c8b6bc6c202c9719365c31156c062e90cc1452ef1206f8710e3f9

(this sample)

Dropped by

SHA256 909bd6babf7b44250bc69e37cfeb1b1668fcd569b58c775e8e5ded95c7ac3d14

Dropped by

MD5 316e7895171f1928d15c73a45c38e19a

URLhaus

https://urlhaus.abuse.ch/url/3236821/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample