MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 488af046fee2222b41dee6a16486507f74c637e23738d40f49e36e489abba3ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 488af046fee2222b41dee6a16486507f74c637e23738d40f49e36e489abba3ef
SHA3-384 hash: 961b33448f20b94ed3640af753467d42c0334e80bdf5937e0bf6800696569fa68f1714064366617e80522221de593f8d
SHA1 hash: ad04ebb63388eec5b05e31efafe00f24e6b914ca
MD5 hash: 28ac45d6e13f2c8318e87ff44e1a3a3f
humanhash: idaho-beryllium-princess-triple
File name:488af046fee2222b41dee6a16486507f74c637e23738d40f49e36e489abba3ef
Download: download sample
Signature njrat
Create hunting rule
File size:465'920 bytes
First seen:2020-06-29 07:25:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:8kqBa86NYSgpN8SG1llzztfxTj/uocisCodyFO9:JnIiSUvgXo
Threatray 173 similar samples on MalwareBazaar
TLSH 7DA4080DFAB67F11CFAC027B9717457C51D7A10C6702D297EFA83AA42E06B9DCACA504
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/15609/
Detection(s):
Win.Packed.njRAT-7752919-1
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/488af046fee2222b41dee6a16486507f74c637e23738d40f49e36e489abba3ef/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 00:43:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jcfparx64ircwqo642qwjbsqp52mmn7cg44nid2j4nxergv3upxq._file
Verdict:
unknown
Similar samples:
1b47b1d455c8523eb73b69934c91f2082277e5ba705e066fceaf927b81e4c060
njrat
3027dc21e325fddbc9e6cd21b0491f3270190f219776de4971e510c4490d3c25
njrat
35628fc8f90a6db8f30ab2f3ec4b743190381958f72c75d1a8ae828d6afb6370
njrat
380f06e9a34d63f3b41e94cdb6781254e7582c811adaaf48855d4e945e8f96b0
njrat
49bbc64881d66ec428ce3b2f670a2df89525391b1e608658c1d1b1758876d108
njrat
686bf5243c5d71d36ce6c9b870cad9316aa1218154614fdcd091d7bb8573ca2c
njrat
a9297e27075d755670954bcffb05bc3dd60fde115a342c93a6e76ac9ff6b9494
njrat
e4aae9a8a9103086b7232aa674f4ba296e140a4baaa01eb86b0cd79305a5fd13
njrat
ea1e920b88c5129a91704c6075aa29e5e0f86240f64ad742497eefdbde4ea207
njrat
f963457d5a9d27cbce5df7a6ce4fb9dd288e23ef473bd90cdb3059d454949d5a
njrat
+ 163 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
trojan family:njrat evasion persistence
Link:
https://tria.ge/reports/200629-lfwny7dv56/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Adds Run entry to start application
Drops startup file
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/15609/

Comments