MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28d1ce2d141fcfc52b6b8a81f5424920ba2818a14e8ac201446697ff977082de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 28d1ce2d141fcfc52b6b8a81f5424920ba2818a14e8ac201446697ff977082de
SHA3-384 hash: 03d5fd54ff6a21f65299977ccabe5b2e77493ffb1651ca3340e9ef031fdb60a0db5ca2c415058a3502e2429f6f41a28b
SHA1 hash: 5fc6062499b2f38d3157dbf12acaf4902deb2638
MD5 hash: 134359f03a8a58c6db8a171ca161db3a
humanhash: bulldog-muppet-connecticut-washington
File name:28d1ce2d141fcfc52b6b8a81f5424920ba2818a14e8ac201446697ff977082de
Download: download sample
Signature njrat
Create hunting rule
File size:4'341'106 bytes
First seen:2020-06-17 08:46:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 98304:OghY1TzoAlVNpwRX72VbqSNmaS1cT/IroXyxz+62ZKNuOZT6KCtjBa+mU:rhYVHljpwRXSVHkUIroixz+JET6hpBd
Threatray 258 similar samples on MalwareBazaar
TLSH E1162340F281CCB2D47635F25C2E9A15183ABC18A9311A2F33B9756D6A73153DC7AB2F
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/19204/
Detection(s):
SecuriteInfo.com.Gen.Variant.Johnnie.221809.751.14920.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 12:56:00 UTC
File Type:
PE (Exe)
Extracted files:
125
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fdi44liud7h4kk3lrka7kqsjec5cqgfbj2fmeakem2l77f3qqlpa._file
Verdict:
malicious
Similar samples:
076dfc0a55afc36cdfd6dff84cfd0feae23029843e745b7f122980b341f7b710
njrat
1678611ad4996f718c0a8998ce194dfe117bf47529c4ccad51a6816ecf4f1bb4
njrat
1acf4f64dbce46e70553494cf02959634528477066cc736e3f49df3bb6253923
njrat
2df93867afcfa816f19559f8afdc82701ff580a9c72906d2fb34b9ad9e6fb9ea
njrat
3a61804bb8302d42eb46c25a884cf50e7e6e383a9a48bfbfb1cfbe78ed2ed389
njrat
4d13350ebf3d38475a0a4a8c223fe6c06e00af3585eb499f60e29639b3944d3f
njrat
6d833bd671f179c8dfdf89aac0bc77cd7bb49f82a98cbf5d8122a9d47fa98e9f
njrat
7cb987616a272b3f90faa060b9671d72cdb3c2fecd398b9c50fac1449379282b
njrat
9d1f32d9806bafd63451a59e1768502f31cf9dc746c9e92f62b978c1ed259497
njrat
e34ce3660cbabe945aadb571016cbd7e73ca4a7baa6e9cd64a3615b6474ccdc8
njrat
+ 248 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence evasion
Link:
https://tria.ge/reports/200624-7tnhd7l4gx/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Modifies service
Adds Run entry to start application
Loads dropped DLL
Drops startup file
Modifies Windows Firewall
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19204/

Comments