MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 618f4050d767d0c8f835ec3fa9e46b85b9291062a2e381122852238fa84c95f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 618f4050d767d0c8f835ec3fa9e46b85b9291062a2e381122852238fa84c95f7
SHA3-384 hash: 70993e6fdf6adec9562fa11ab086a52044d8776063bd6a5a925d576b86cb71040fb74b0b50da55f588e0415dffd736f2
SHA1 hash: adeb03e5285b65914da79a6db66cb916c7c079c9
MD5 hash: bdce6df9040e457fa2c969d39c26c071
humanhash: green-rugby-december-friend
File name:618f4050d767d0c8f835ec3fa9e46b85b9291062a2e381122852238fa84c95f7
Download: download sample
Signature njrat
Create hunting rule
File size:388'896 bytes
First seen:2020-06-10 12:28:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:1sLit9epsH8xD3nUu8/DPJxo3zb8bfMXbk0/YPV8:heNUzDP7qzb0MYPm
Threatray 638 similar samples on MalwareBazaar
TLSH 9C843C1E37424524C46C497190EB6D5123B69B8336B2DB4E2FCE579C8E033DF7B68A89
Reporter JAMESWT_WT
Tags:NjRAT

Code Signing Certificate

Organisation:DigiCert Assured ID Root CA
Issuer:DigiCert Assured ID Root CA
Algorithm:sha1WithRSAEncryption
Valid from:Nov 10 00:00:00 2006 GMT
Valid to:Nov 10 00:00:00 2031 GMT
Serial number: 0CE7E0E517D846FE8FE560FC1BF03039
Intelligence: 22 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 3E9099B5015E8F486C00BCEA9D111EE721FABA355A89BCF1DF69561E3DC6325C
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Barys-6880522-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 20:11:51 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
34 of 48 (70.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mghuaugxm7imr6bv5q72tzdlqw4ssedculrycerikiry7kcmsx3q._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
nanocorerat
Create hunting rule
Similar samples:
5fb13ec9aec5b17f482da9aa1b4843d58721d0c99090e9f6cb3a88940666cc61
njrat
6ee95360b744269183b9f19b9474f831224dbd90d27e67e5b2c5701f69938e4e
njrat
939568fe08a69e9963de44a3a8e0a078379b27b1e9a73c651f3fcc5f19426252
njrat
95a191b5e1728a1dc9a0007719ae7adba5be88b1ae5e8919185c91a201148a51
njrat
994efe7e189b31c6b3911302a077eadea90e4c0eefc6e54dd64b3dfa0b16124f
njrat
9d2a8b10360c33870703b79c4b9a102b3881b9d903870f5f9863c5e61e1c132c
njrat
9db03df30746e08a092e729d678f269d921e9e143d7a31563a012d561caa860a
njrat
b92562b095b382e4f4e72335c4d78f9843a6724c60f2626d65df0e27006c6586
njrat
d1c1e3948a60d00f55a9e6e9eaf68ab0b8a18480d863a5a568cccdeeb75162fa
njrat
dfe2978764d493ac195ec5a39d99f998c1d69d9f68e25bbbe090d9b2f7cb97c2
njrat
+ 628 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
agilenet persistence
Link:
https://tria.ge/reports/201109-3ds8a6thqa/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Obfuscated with Agile.Net obfuscator
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments