MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 659d6a4757ecc8ee426b62660c1379645873a6b3df3efcddd3dec68a1b35cb60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 10


Intelligence 10 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 659d6a4757ecc8ee426b62660c1379645873a6b3df3efcddd3dec68a1b35cb60
SHA3-384 hash: a485adafdeee5d48468fefd98a00b0d09402fb95566853a85975734c9d76b5697d73874338894d8fd3ef18464a6038c3
SHA1 hash: e7912271fb2d0b801c0d9bd067676762037e6ce4
MD5 hash: 4fadf5f6403483eb6015fff3ed2c49fc
humanhash: fix-dakota-zebra-shade
File name:659D6A4757ECC8EE426B62660C1379645873A6B3DF3EF.exe
Download: download sample
Signature njrat
Create hunting rule
File size:312'252 bytes
First seen:2022-03-04 07:11:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e2a592076b17ef8bfb48b7e03965a3fc (388 x GuLoader, 59 x RemcosRAT, 44 x VIPKeylogger)
ssdeep 6144:sUj/wKuBO03zqliI+6iry0CcKFsvTbItxWIPPS4KwB/CxpW2it20NppQ:sqal3GlFiuFcUPxpnD/cWHNpq
Threatray 14'391 similar samples on MalwareBazaar
TLSH T1AE6412527BC0C732C7C70A76AC379F15A6B0BD81E928190B6761BFB67E367438909253
File icon (PE):PE icon
dhash icon c0c2f4c6d4d4dc0c (1 x njrat)
Reporter abuse_ch
Tags:exe NjRAT RAT


Avatar
abuse_ch
njrat C2:
52.95.250.107:2610

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
52.95.250.107:2610 https://threatfox.abuse.ch/ioc/392455/

Intelligence

File Origin
# of uploads :
1
# of downloads :
337
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/247252/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33346416.23933.25317.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.MulDrop11.49112.2595.16429.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/8186/overview
Behaviour
MalwareBazaar
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/dde24db8-0106-48f3-a006-fd5571daab93
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/950598
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected KeepHala Crypter
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/659d6a4757ecc8ee426b62660c1379645873a6b3df3efcddd3dec68a1b35cb60/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-02 01:32:00 UTC
File Type:
PE (Exe)
Extracted files:
65
AV detection:
23 of 27 (85.19%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mwowur2x5teo4qtlmjtaye3zmrmhhjvt347pzxot33diugzvznqa._file
Verdict:
malicious
Label(s):
njrat
Create hunting rule
Similar samples:
04c950e9fb1cf6ff2de10fd17f04191f8e938189766482ef856efa2581df8dbb
njrat
0e79effa0348929c10e8aa39b07b38ba50872d4fe132fd7c131e4ac9892ed046
njrat
32560ccc4af2d37c587bbc551e1dd8127b8efaafb199f74c18ec111a812a7f30
njrat
3b8dd3bc950e31064f5fe058ed3e8c25f082bef1f42e1426760cc6f8fef14821
njrat
446fdd51f5eb4359191e189e54a209bd96295c5495cabc1b0b07c8f11d1eb748
njrat
7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217
njrat
8ef0ab64ef4a050f29808379fa8e9448bca73be60e4944f9d13a9a6880ba33f2
njrat
a40c51565228f1fef2028b90fd49051372828871d8eeb5df19e5d8049c977ed2
njrat
b401246b1d42e19f1d86ae14b21b2aa82868eb4197c482c8aa78be7f7e28e494
njrat
e431d81e245dd47b376162b55b07a341789498cbc19dba9271b98cd048002e01
njrat
+ 14'381 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
family:njrat botnet:samsunga70 trojan
Link:
https://tria.ge/reports/220304-h1hy4sdhd4/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
njRAT/Bladabindi
Malware Config
C2 Extraction:
pedrobedoya20190411.duckdns.org:2610
Unpacked files
SH256 hash:
1454042d93c71f7d9b802e93d50801d0e43cdae11cfc26c113185c1055062f90
MD5 hash:
0af19ccbe32fdcd21131b088b20b2707
SHA1 hash:
bee2b5257175d3184adc035c3a4f2f79a0058016
Link:
https://www.unpac.me/results/36f071ad-35b8-4fe8-93f5-13af0df9ec6f/
SH256 hash:
74efecb40ecb35dfa1af6c49574e4b856583ec4a37c39e8a95098434520e2879
MD5 hash:
a5386e43312efcd34688755bdef14b92
SHA1 hash:
29b0e9d83ae84b870f85826c986d60443adb3982
Link:
https://www.unpac.me/results/36f071ad-35b8-4fe8-93f5-13af0df9ec6f/
SH256 hash:
a020d37724b738aab3c295917b6a23f8de45449177615a88e7c93627de424280
MD5 hash:
1b84d7e16763d4686874c20e07437bec
SHA1 hash:
9d3088e977c5b6a322bdeb538487a73887fbcc0e
Link:
https://www.unpac.me/results/36f071ad-35b8-4fe8-93f5-13af0df9ec6f/
SH256 hash:
4d50ce341be70511e9a871dd347b3f5793ea97787cdfc92045c0bcc8aae6e298
MD5 hash:
ed1c00557cde869caa963bbf9c820f05
SHA1 hash:
53bbd8b86fcbee9316e02af399634522b12539b0
Link:
https://www.unpac.me/results/36f071ad-35b8-4fe8-93f5-13af0df9ec6f/
SH256 hash:
946e9250b1820717b660517f3cde46eaa0ca7e408b916a2684f9965b4f9abdea
MD5 hash:
bd46e0d70c52df86a2fc76077371604d
SHA1 hash:
a74e6b9995965131f416c4679ca1a7324d6000df
Link:
https://www.unpac.me/results/36f071ad-35b8-4fe8-93f5-13af0df9ec6f/
SH256 hash:
57f248daa64d83c215189a3d38b9692f93125273ee046328febe33e69df01ded
MD5 hash:
c2efc9fcbbf2d6952110fea17841b71e
SHA1 hash:
4860494e79e88beacb0155584056699adb073f44
Link:
https://www.unpac.me/results/36f071ad-35b8-4fe8-93f5-13af0df9ec6f/
SH256 hash:
659d6a4757ecc8ee426b62660c1379645873a6b3df3efcddd3dec68a1b35cb60
MD5 hash:
4fadf5f6403483eb6015fff3ed2c49fc
SHA1 hash:
e7912271fb2d0b801c0d9bd067676762037e6ce4
Link:
https://www.unpac.me/results/36f071ad-35b8-4fe8-93f5-13af0df9ec6f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.08
Link:
https://yomi.yoroi.company/submissions/659d6a4757ecc8ee426b62660c1379645873a6b3df3efcddd3dec68a1b35cb60

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/247252/

Comments