MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 647a443ee452ca7df3fc63da77ee5cfc7e7dd597530a1984ef9a3e6e5671667d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara Comments

SHA256 hash: 647a443ee452ca7df3fc63da77ee5cfc7e7dd597530a1984ef9a3e6e5671667d
SHA1 hash: ce0c6b962a09c6ab229fa57ab146f06af280c4ba
MD5 hash: 8c5acba822df4334079b07d54e2f2bfa
File name:Missing Invoices.jar
Download: download sample
Signature n/a
File size:40'364 bytes
First seen:2020-05-23 07:26:28 UTC
Last seen:Never
File type:Java file jar
MIME type:application/zip
ssdeep 768:SW/Cj9Gd3KRTS3Gj3vb7CVVWj2ZTfuj5CoHJzqOrxgtsBA3cFvOJDc01rhtp0Is:S3Wq+38/cEK8rYd3JJrpDs
TLSH A0030122ED1508CA529827B751298F03450E93543DA893FEA03D94BBEF463E0747DE7E
Reporter @abuse_ch
Tags:jar NjRAT RAT

Malspam distributing njrat:

Sending IP:
From: Una Tormey <>
Subject: Invoice 56493 from O.K. finboroughschool
Attachment: Missing (contains "Missing Invoices.jar")

Unknown RAT C2:


Mail intelligence
Trap location Impact
Global Low
# of uploads 1
# of downloads 21
Origin country US US
VirusTotal:Virustotal results 29.51%
ReversingLabs :No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.


Java file jar 647a443ee452ca7df3fc63da77ee5cfc7e7dd597530a1984ef9a3e6e5671667d

(this sample)

Delivery method
Distributed via e-mail attachment