MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 689290a8b842a0fd09f5ce00654d64d70d0be3e19e2ca60d5dd3d199d3e09054. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 5



SHA256 hash: 689290a8b842a0fd09f5ce00654d64d70d0be3e19e2ca60d5dd3d199d3e09054
SHA3-384 hash: 066c79f5ce7aa2926c75c6f4477f44ba12fe23cbde749cf93907e20529f8a962322b4fa13d96aa1d51c38669c52f7ca5
SHA1 hash: b251a10dbb740c1ed8f536f0a990cae576b63132
MD5 hash: 4e0ae3808fb36e14a65d9ee253a3a082
humanhash: ink-oven-butter-delaware
File name: 689290a8b842a0fd09f5ce00654d64d70d0be3e19e2ca60d5dd3d199d3e09054
Signature: njrat
File size: 504'595 bytes
First seen: 2020-06-17 09:19:09 UTC
Last seen: 2020-06-17 09:42:19 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 73d12a96fab08773e2657237992c3c27 (2 x njrat, 1 x CyberGate, 1 x DCRat)
ssdeep: 12288:dfjA7Xaq+zQRi8Kj5bIFrCx4cR9v6HYGThPbpjZcsVmsXhy:dE7Xaq+zQN658Fr04evFEhbpjZcSFXE
Threatray: 269 similar samples on MalwareBazaar
TLSH: 67B4D031BAC140F1D5723B344BE9932C5A7D7CE0DB238A1F53941A2DEA317835AE57A2
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 2
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-06-12 16:26:52 UTC
File Type: PE (Exe)
Extracted files: 17
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: trojan family:njrat evasion persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Drops file in Program Files directory
Modifies service
Loads dropped DLL
Modifies Windows Firewall
Executes dropped EXE
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments