MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 670a68a8f5bcef881c0475c26b29113821ee61a04b60148500318e3eb01cef36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 670a68a8f5bcef881c0475c26b29113821ee61a04b60148500318e3eb01cef36
SHA3-384 hash: 693ca6487627a5e6eba426019c06010db536c92083500869a8617714f7f68cbb7a9712db57ddf794ef6dafa476d4b7b5
SHA1 hash: a727918cfe7d15e44124bce9bebd1c55a95f838b
MD5 hash: 8f9ca3612e567debfa0a98c7e239a685
humanhash: march-shade-purple-white
File name:WgwewNL4.exe
Download: download sample
Signature njrat
Create hunting rule
File size:32'768 bytes
First seen:2020-04-01 07:19:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'654 x AgentTesla, 19'464 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 384:mLnurjT8ycT4kO9OLZWahNz5WusYbOUuxLnyvhi2Vg6yqvEkLDOHYCFXPzlpmIMz:AurjT8WkO9KJxpVfPmF7k71x
Threatray 621 similar samples on MalwareBazaar
TLSH E9E2E60537AA4703C67D07B90926471647F18E83453BEB6F1CD9B0ED2E7B7848E816AB
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/WgwewNL4

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.B-468
Create hunting rule

Win.Trojan.Ratenjay-1
Create hunting rule

Win.Trojan.Bladabindi-6192388-0
Create hunting rule

Win.Trojan.Generic-6417450-0
Create hunting rule

Win.Dropper.njRAT-7436651-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-04-01 07:35:24 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m4fgrkhvxtxyqhaeoxbgwkirhaq64ynajnqbjbiagghd5ma4543a._file
Verdict:
malicious
Similar samples:
00b11363c9cd9f5e944789c5c8c8f190cb8952e572fcad351c10a0ffe4809765
njrat
139440ea99f0fdb275e96e8b749b64ca0528468f3b243bee6ada39b6db6327ac
njrat
14ba5f94a671a38e16b5166ebca44ddacd6fde3226015676f9c369c992b5d2f8
njrat
2b942243439c92b4921032a08567d76c0baff766661083fe8f6a9ab66966926d
njrat
2c46535200a9f6a3e9b5c0553cf2e94f939bf264bf3a29aa92b7c3fb13997287
njrat
2e71e2197518ae4077d0968f2f666635d9a1f822802aca08f092f488629d900b
njrat
5691aaf1f0f061589f0b1e28b72f25fdd63016ee069156c85cacbe5463cf9dbc
njrat
9a0b8d04aac91f001774fb5c66bc9ad34dcbf1bdddfa487979b513d8e2c23fe4
njrat
af21243da675a515c8e2ca9d00b5628c1201125b1a29d46a9df0cb0b63769942
njrat
b8b65fac514cb8b167eee1426b292e00506d347a5269a17bc76a4c9f28323b98
njrat
+ 611 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/WgwewNL4

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments