MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c46535200a9f6a3e9b5c0553cf2e94f939bf264bf3a29aa92b7c3fb13997287. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c46535200a9f6a3e9b5c0553cf2e94f939bf264bf3a29aa92b7c3fb13997287
SHA3-384 hash: 12b4d7866d45afeb94cd3c921abeea9d2690ad57d6163e7551f32a136863970b1c431e2ff9644e25a1fe2b245ba25bc7
SHA1 hash: a67f00fd15f5f2d00a7bf1d74aa6b73d2be5db53
MD5 hash: d538d0465611854159bff970d71416d3
humanhash: nebraska-october-neptune-illinois
File name:VfjBa48P.exe
Download: download sample
Signature njrat
Create hunting rule
File size:32'768 bytes
First seen:2020-03-31 15:21:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 384:yLObD1hEqcsm2uLR9y62zRWRB7GpLPCvZi2VICSyz8ckLDOHYCFXPzlpmIMxTZi6:sObD1hEmm2LyxpVvj+mF7K71J
Threatray 621 similar samples on MalwareBazaar
TLSH CBE2F70533AA4703C67D07B90826471647F1CE83453BEB5F0CD9B0ED29BB7808A826AB
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/VfjBa48P

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.B-468
Create hunting rule

Win.Trojan.Ratenjay-1
Create hunting rule

Win.Trojan.Bladabindi-6192388-0
Create hunting rule

Win.Trojan.Generic-6417450-0
Create hunting rule

Win.Dropper.njRAT-7436651-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 15:35:23 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=frdfguqavh3kh2nvybktz4xjj6jzx4tex45ctkusw7b7we4zokdq._file
Verdict:
malicious
Similar samples:
00b11363c9cd9f5e944789c5c8c8f190cb8952e572fcad351c10a0ffe4809765
njrat
139440ea99f0fdb275e96e8b749b64ca0528468f3b243bee6ada39b6db6327ac
njrat
14ba5f94a671a38e16b5166ebca44ddacd6fde3226015676f9c369c992b5d2f8
njrat
2b942243439c92b4921032a08567d76c0baff766661083fe8f6a9ab66966926d
njrat
2e71e2197518ae4077d0968f2f666635d9a1f822802aca08f092f488629d900b
njrat
5691aaf1f0f061589f0b1e28b72f25fdd63016ee069156c85cacbe5463cf9dbc
njrat
670a68a8f5bcef881c0475c26b29113821ee61a04b60148500318e3eb01cef36
njrat
9a0b8d04aac91f001774fb5c66bc9ad34dcbf1bdddfa487979b513d8e2c23fe4
njrat
af21243da675a515c8e2ca9d00b5628c1201125b1a29d46a9df0cb0b63769942
njrat
b8b65fac514cb8b167eee1426b292e00506d347a5269a17bc76a4c9f28323b98
njrat
+ 611 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/VfjBa48P

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments