MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c616e633ee33cf1ebc784661459a1990201bc9baf77c6c59a8ee5d1b25dcde4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c616e633ee33cf1ebc784661459a1990201bc9baf77c6c59a8ee5d1b25dcde4
SHA3-384 hash: f7d1f9fcfcb5173f6165073d0bc9722aa8575265c21dbb32b1bf5360ed343eab3e7609ac7f57dc6eeff6536f2bc30f89
SHA1 hash: 203598122dfd42cc5b8f449b6e6d37ab4c8ad097
MD5 hash: cdee851fc13afe79822ebd8bad869c9a
humanhash: cardinal-robin-zulu-undress
File name:5c616e633ee33cf1ebc784661459a1990201bc9baf77c6c59a8ee5d1b25dcde4
Download: download sample
Signature njrat
Create hunting rule
File size:164'352 bytes
First seen:2020-06-10 11:43:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'454 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 3072:ooIrWxjhRohqpEgUlLfdgoCqZ5k2EwB4LFUAzCwwNMFKa:9hRsq3cLfz4bFLFU0PFK
Threatray 204 similar samples on MalwareBazaar
TLSH C0F36CBCA71C5E23C1AF05BE81D267B043709956E68EE74B6C8829FC08727D74E5225F
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 02:02:18 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lrqw4yz64m6pd26hqrtbiwnbtebadpe3v534nrm2r3s5dms5zxsa._file
Verdict:
unknown
Similar samples:
0d852bfcbc49afecc18e426f7d694597966256d55c225a4ae798a7e98200b5ca
njrat
4bd12f48c0a5a1dd9a4c0dd17460f2941f3a1b2b11b95961b4092f07622eb5c3
njrat
55b8c931d255cef1b2541db94a1eea700b9849c253ca5b24f31aeaf272a276c9
njrat
57233018ececa82dadc167ce51622ecb6b06a4c08753c951a2a5e91f4b3629de
njrat
76ff41be8f7f15dbb035fb27ad00cbd313d0d75745945b81642f10986fc83ffb
njrat
8759d45e142c15d4e4cc63fc147114ef52bb57623710552c4ba76f43face2524
njrat
88c93fb2359cc5f0da6886983c67d923955d210daf5a458e382d024124a67458
njrat
cffb56dddf9b596328082781400f1b5a1d7a995719c78dbdcbe41b026c86010b
njrat
d47e8c71a8d7cd1722e5b09574c818f4db65ecb4e9696fedbe738ff29f0a6305
njrat
db4b9e3a0264451368c24fb5f9e9a8722bb0afc6fb184fca9a54b7cb1aec4249
njrat
+ 194 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
family:njrat evasion persistence trojan
Link:
https://tria.ge/reports/201109-2nsg36d3ma/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments