MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5564f628b877cee2359d1b9321ec6c4ae20cd4d168ad678afeadf126608af514. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5564f628b877cee2359d1b9321ec6c4ae20cd4d168ad678afeadf126608af514
SHA3-384 hash: 0cc9363e848c5df703e0622bba2f46cfc32985f2b990b0bf19c737e0221e011d30ac9fdd13e566f000421d0471aab082
SHA1 hash: 09c063f60aec274b390f82d94fe57afa0efc197b
MD5 hash: 7ba106428ae232ab7b7953d5495d114d
humanhash: aspen-snake-seventeen-mobile
File name:5564f628b877cee2359d1b9321ec6c4ae20cd4d168ad678afeadf126608af514
Download: download sample
Signature njrat
Create hunting rule
File size:107'520 bytes
First seen:2020-06-10 09:50:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 1536:TbAIGlMPhQNtDkBAY9svmWX1RWM6mk1Y4OLdjiBEinB3:TEIGlMPaNasvrXWMHk1HOLIB3
Threatray 58 similar samples on MalwareBazaar
TLSH 2BB39A3B33E02CF3E1C2CFB7CB999951816500F759111E9F6AB52F6C8926E172D12CA9
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 03:05:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kvspmkfyo7hoenm5dojsd3dmjlrazvgrncwwpcx6vxysmyek6uka._file
Verdict:
malicious
Similar samples:
0dd3510b1088c0dd5ebd7f3692d6eeec53009cd6fb8de87650bfaf71bc5dcd07
njrat
282406408e4499b5e5807fbb08409ae8c1456efb75281da653d366dad299d5df
njrat
31be15bca048be274cf57fe357a7fe192fdf045cd2c93c2e13a42972db30ddf8
njrat
448c36ca3546f4444da82e6889980c21bf6f148e6451a9cfb92ec60547b6c41b
njrat
490b24ae49c3a9a3c8f580ed6847c8c96f9027e5be9b122e49728c7dc8ee0498
njrat
93a924da3e0e9c7cd63fc756581678664aea34e2f4a79bb1c7440be38445c037
njrat
bbb44461205442d3644ee3137f495777b46d2cc9cc2039a6138571037c843342
njrat
ddbf8cb72cd40ae9effa10fc0448600eedef3ab6891a9419eb6960d804a89bce
njrat
e34a91674a3a3aed881705d2f7deee4607a96a9abeb1a4a8fcbdbc9a3a560937
njrat
fca9b9de5070e3b30458c7477b01329ab8a84204f7c9ee633375f16c0d6df057
njrat
+ 48 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
family:njrat evasion persistence trojan
Link:
https://tria.ge/reports/201109-6cfy5kel26/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments