MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e71e2197518ae4077d0968f2f666635d9a1f822802aca08f092f488629d900b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e71e2197518ae4077d0968f2f666635d9a1f822802aca08f092f488629d900b
SHA3-384 hash: c32e6a38b08cb07a384a32215d5f444ec54373ec64868f903fd032c8a777dec1826f89e73c265826cd55ea5258cd2d98
SHA1 hash: eec448403aaa3318f9a7813019bfbb94e2b8c8c3
MD5 hash: f9b9031b96435f5b11b88a837a890607
humanhash: coffee-one-skylark-lion
File name:nFSzEW7c.exe
Download: download sample
Signature njrat
Create hunting rule
File size:32'768 bytes
First seen:2020-03-31 15:04:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 384:gLObD1hEqcsm2uLR9y62zRWRB7GpLPCvZi2VICSyz8ckLDOHYCFXPzlpmIMxTZi6:+ObD1hEmm2LyxpVvj+mF7K71J
Threatray 621 similar samples on MalwareBazaar
TLSH 21E2F70533AA4703C67D07B90826471647F1CE83453BEB5F0CD9B0ED29BB7808A826AB
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/nFSzEW7c

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.B-468
Create hunting rule

Win.Trojan.Ratenjay-1
Create hunting rule

Win.Trojan.Bladabindi-6192388-0
Create hunting rule

Win.Trojan.Generic-6417450-0
Create hunting rule

Win.Dropper.njRAT-7436651-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 15:35:24 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fzy6eglvdcxea56qs2hs6ztggxm2d6bcqavmuchqsl2iqyu5safq._file
Verdict:
malicious
Similar samples:
00b11363c9cd9f5e944789c5c8c8f190cb8952e572fcad351c10a0ffe4809765
njrat
139440ea99f0fdb275e96e8b749b64ca0528468f3b243bee6ada39b6db6327ac
njrat
14ba5f94a671a38e16b5166ebca44ddacd6fde3226015676f9c369c992b5d2f8
njrat
2b942243439c92b4921032a08567d76c0baff766661083fe8f6a9ab66966926d
njrat
2c46535200a9f6a3e9b5c0553cf2e94f939bf264bf3a29aa92b7c3fb13997287
njrat
5691aaf1f0f061589f0b1e28b72f25fdd63016ee069156c85cacbe5463cf9dbc
njrat
670a68a8f5bcef881c0475c26b29113821ee61a04b60148500318e3eb01cef36
njrat
9a0b8d04aac91f001774fb5c66bc9ad34dcbf1bdddfa487979b513d8e2c23fe4
njrat
af21243da675a515c8e2ca9d00b5628c1201125b1a29d46a9df0cb0b63769942
njrat
b8b65fac514cb8b167eee1426b292e00506d347a5269a17bc76a4c9f28323b98
njrat
+ 611 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/nFSzEW7c

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments