MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61f9dcdfdfff63894a2520134b87ae8f29a5738958db7d3f80b64abafce9e9fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 61f9dcdfdfff63894a2520134b87ae8f29a5738958db7d3f80b64abafce9e9fd
SHA3-384 hash: ca865087bbed04223829272bb9eb8fd4d6da7c5143880880d4b3d9fe85271735acab2b82e57486979fb516186ad24a6c
SHA1 hash: 2f802e4c0a9283d1b2196dc818bd0c39e357aa42
MD5 hash: 90a1f4e2a89ada05993848ce6d1f3409
humanhash: fruit-pluto-quiet-sink
File name:61f9dcdfdfff63894a2520134b87ae8f29a5738958db7d3f80b64abafce9e9fd
Download: download sample
Signature njrat
Create hunting rule
File size:318'976 bytes
First seen:2020-06-10 07:53:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'751 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 6144:ETz2tPZvoM5qAK1cO+go27F/FfMRqrCKZiafRLcqg3Bm/+uZ:E32foWG5uadoqDRPg43
Threatray 129 similar samples on MalwareBazaar
TLSH 6A6412BAE7E49863EF0ECFF4D805C06416DEE091B98983AD174C096C58E67BD5089B73
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Adware.BrowseFox.62.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.DarkComet
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 02:09:29 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mh45zx6775ryssrfeajuxb5or4u2k44jldnx2p4awzflv7hj5h6q._file
Verdict:
malicious
Similar samples:
1041153379c269bf53b5a08bb85d576d4f5bf9a0b711f42686dbfbff035ee995
njrat
17431eab4f753e88127e1bf94a796cb4f001ae3c0300ed8b98522713e7ac8e8e
njrat
19a8e4f9fb01ff4333c81f78bba61e42d516c860e8974e059be82f2bf9d5a641
njrat
500ca56a7de01fbde3cdd1fcb392eb2a77b2706665a7a2e08e00ce8b405c27d5
njrat
60115aa0499ac568b987b349b5584ff17ed9a69f18c433606a782e7321b715dd
njrat
897a1305d267937baedeaf75e35e386efbb9c5d7d66819aaecfd885e84196142
njrat
bfe51bccd630589262349bcb050bdec5d2c3e4ebae04a536fe89e206799e2ab8
njrat
cf204b7c9f1fbb854444502d6f390a9834b63dc695a268345a5bef6521227a82
njrat
cffb6736521771821af04e2caaaf125e1d475bfe7166fcb39ff7db14c41931a7
njrat
eddc999a7e76c2af01abaa813a903686f6f5b7ff94a7587c071bf2d2243b5239
njrat
+ 119 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-m62cw93rs2/
Behaviour
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments