MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c16a29cf3c297635c1d40f3c26e85a147f6c9a1de2fb1dfe9836a3c3b547057. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c16a29cf3c297635c1d40f3c26e85a147f6c9a1de2fb1dfe9836a3c3b547057
SHA3-384 hash: d8a1c3b8a9a82d5cb6f3dc170005fabe89d42c5afae0e58a0478716f6cc4750a587cd1ad22562068d3b97277978f002e
SHA1 hash: d5d9c5a9280a0f6d4c1d7698499df932e83fb077
MD5 hash: 5cb09ed030bdd0e9f993debc5b49cdbe
humanhash: pluto-lion-fish-lactose
File name:j8QmYWVg.exe
Download: download sample
Signature njrat
Create hunting rule
File size:25'816 bytes
First seen:2020-04-02 02:24:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'749 x AgentTesla, 19'653 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 384:5vcTzt3rTW4JoTjp/3OUX5Cnr1q3FO7irqd+ykinvRqiVNVM7JGU7r:5vklrjQl2N0g7iOd++Zr87L/
Threatray 45 similar samples on MalwareBazaar
TLSH C7C2D024D29DDA35DC740B74AB7B2292B170D124979B1728349C0DB86AF9ACC16B3786
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/j8QmYWVg

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Hedo.24419.23839.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 02:35:24 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
26 of 30 (86.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lqlkfhhtyklwgxa5idz4e3ufufd7nsnb3yx3dx7jqnvdyo2uoblq._file
Verdict:
unknown
Similar samples:
2f2670e8a7845cf300320415c6a16ffc34e662672f16d7cfcf5b911d088516d9
njrat
4118da509f4aace1799d5880924a4101d8ed8ee746e0a03a7f47f3cec76eaf58
njrat
68d44fa879791b068793f7c819ea79d31386ac26c40a94a2d4f17c5171244605
njrat
77146703fc5c722e50ccc571bcfcf55278f5cc86574f4b470ed382bf66447945
njrat
7de9a92068f5d5e76df10e9ea374223cc643bd7e48a6ca774f8017aa5e1ee0c8
njrat
811afa1cbaa5edfeca8702c1f8579c32885a98e8852c3f188b3adf0b010e6d2a
njrat
92574e92ed7461639393ef09258609b637fc5e68341c5fe13e460f2dff705d0d
njrat
9bdea75678155f51df05070d28789a92296f5727a77ea232500b06beb2debd4d
njrat
a652eaf2c254c68b7f9a7476ca4a724b76e5442ec42ed556d1b8427e3911b530
njrat
ccb7e7ea08121c1d3d37739b4273e750843fe2296d24ae69a8efb686adbf53c3
njrat
+ 35 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/j8QmYWVg

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments