MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60939dd4c12a90d44e021e79be83dc3339139ee922759a0b1055ab558b2a814f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60939dd4c12a90d44e021e79be83dc3339139ee922759a0b1055ab558b2a814f
SHA3-384 hash: eaa6ad6180867606b0a0931523da0285603225c20ddce0cf10dd3bda1e3a6ab1cc8f890875303b93af74bbdee1c193d0
SHA1 hash: d79b66292f11b1ad51b876f390399f30c373cf37
MD5 hash: f60cb3a9a1e6116e4544b974699eb889
humanhash: beryllium-wolfram-nine-steak
File name:60939dd4c12a90d44e021e79be83dc3339139ee922759a0b1055ab558b2a814f
Download: download sample
Signature njrat
Create hunting rule
File size:425'984 bytes
First seen:2020-07-06 06:57:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:aPs/7rtr5WLlJQA0vNd10NdOnwrXIRy92ETID:ss/JULlJQ/vNb0NCsIRP
Threatray 35 similar samples on MalwareBazaar
TLSH 89948B658B9780BAE538CFB06C51DF0BEE650E6833D1AE6FCF3A194F74800216EE5651
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
135
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
Win.Packed.Generic-7650670-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a process with a hidden window
Creating a window
DNS request
Launching the process to change the firewall settings
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Connection attempt to an infection source
Enabling autorun with Startup directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60939dd4c12a90d44e021e79be83dc3339139ee922759a0b1055ab558b2a814f/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 23:33:17 UTC
File Type:
PE (.Net Exe)
Extracted files:
13
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mcjz3vgbfkinitqcdz435a64gm4rhhxjej2zucyqkwvvlczkqfhq._file
Verdict:
unknown
Similar samples:
54488d42558df58d9694b6a6150e4934c045c588566be3a555c005ce0aa4ab39
njrat
872c6f0c21cc04decb1b21636a3c5bf3f128dff7d4c43500cd56dd8f24d8a54a
njrat
969ca1f1cd74be7951552e6d03ee91abda18255b1761dfd46e049737ab0db12d
njrat
9ab98e8d67aa054c7d860cb54100954bfc5429cce7b4fb9bb1d69ddc3f43d2ce
njrat
a837374ed66cc50cb5760f0f948db288657fd0891687f43df9b9260dfb71449c
njrat
a860b7f6787c55f457249bf722d6ce93034391889c05f6ec0c9e10befe8c8c03
njrat
a8b85a2d91c5c6e8ecc5c1096b990a4e07c2b5318149e488c68e1fe73fab0b44
njrat
ad2a788b199dbb72ff808e2421f5663ad9553bc6bf144c2461993e13962d34d9
njrat
d5886c42f7b8f77d036091616f0314f37e2db5c117aaa769ede368027fe7d43a
njrat
f0e21d89e7d9763f14061fa57c4af1b209a7764c33a9fa05e5ca0bc83412d13e
njrat
+ 25 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
persistence trojan family:njrat evasion
Link:
https://tria.ge/reports/200706-6n2r9beg2s/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Drops startup file
Loads dropped DLL
Modifies Windows Firewall
Executes dropped EXE
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/20982/

Comments