MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bc86416896092dc2a2ba5fce94147525f54cb8752b52c8f9592fc097cd5516b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4bc86416896092dc2a2ba5fce94147525f54cb8752b52c8f9592fc097cd5516b
SHA3-384 hash: d55d66f16907736d6b6499dd390a2f412127d2fc55fbc85afa94c0b2a85f32cdd242fae329f0794d88cb019a5fe893e5
SHA1 hash: aac81e3a451a28b1ce5820d8163c4544dc086dcf
MD5 hash: 8e286965ec4e222558f45371f101a7ba
humanhash: green-uncle-alaska-idaho
File name:gcHVDjFQ.exe
Download: download sample
Signature njrat
Create hunting rule
File size:32'768 bytes
First seen:2020-03-21 14:19:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'602 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 384:RolXeokkkpaWKmosiFZtSux/PfhFPISuTQIYlDzodg9TdFpyFEIGsJjwE7UMcriq:24pjt4ZtVP7n9ouDbEEIGfRE+f
Threatray 40 similar samples on MalwareBazaar
TLSH A8E2084CB6E38154D0BD44B785A6E3251774E1675723E36FCED868E22F672CC8A88DE0
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/gcHVDjFQ

Intelligence

File Origin
# of uploads :
1
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Ratenjay-1
Create hunting rule

Win.Trojan.Bladabindi-6192388-0
Create hunting rule

Win.Trojan.Generic-6417450-0
Create hunting rule

Win.Trojan.Generic-6454614-0
Create hunting rule

Win.Trojan.Generic-6454615-0
Create hunting rule

Win.Dropper.njRAT-7436651-0
Create hunting rule

Win.Packed.njRAT-7672853-1
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-22 03:54:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jpegifujmcjnykrlux6osqkhkjpvjs4hkk2szd4vsl6as7gvkfvq._file
Verdict:
malicious
Similar samples:
285dcd9b0932523c95f28a8373a0018d44c9a9401d3ab410132a13642d8c59ef
njrat
6a53a62fe35949c47d638b8e3c8e1b5177bb413eef9159a069a87658d503350c
njrat
90bcf814ca9e14d7bc710495b666ff1be96c7cd02387935d8a4a477d5e56c916
njrat
9f7e36217000449754932b83113336d822e8f76efdb3511e6d3fe14fce2f8612
njrat
b14311ccdbcdcc5ec2345e784989a2f2b1ce0f96410a05bb19dc03b4f7b85544
njrat
b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b
njrat
bfb489d80a74cd5b1763c8752f97c45b4856dd09ed6b1c2ec502a197ce137c83
njrat
c109366180776e966bf583094eb32b88fc86af5eb1400ccce77fea1518f1d164
njrat
e81b5aa4d6cc953a6fa155425f59e90a690dda923fa9d39c4d7570a1e89949dd
njrat
fd8255a1dca219da4d66c0bb5b70fb732501807de13a1e2f07f4baee039a391e
njrat
+ 30 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/gcHVDjFQ

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments