MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7178cb4b5d6ac88f5d775ec3f0e916343da1a646632a2b3d9f257029c7c65d79. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 6

Intelligence 6 IOCs YARA 22 File information Comments

SHA256 hash:	7178cb4b5d6ac88f5d775ec3f0e916343da1a646632a2b3d9f257029c7c65d79
SHA3-384 hash:	b741ec8ec3581c634a0cd9c55b75b5965b3219f2b23c45bc682d1e78045278bd75012829bbaac1d492d5183a08d3cd73
SHA1 hash:	6c5d253fd9b4cff7de8e6b8c57c97617bda8f7e9
MD5 hash:	4f1e590adafe9982f2ce47ebd7b5fe1e
humanhash:	wolfram-mirror-cat-single
File name:	Advertising Project Information for Campaign Execution.pdf.zip
Download:	download sample
Signature	njrat Create hunting rule
File size:	68'992'302 bytes
First seen:	2026-02-02 22:20:55 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	1572864:MctI27/DMXK/4urV2qVFtAjcNRGSvhhGPs/KIF9kHwkG5du/8ioHufgARQzf:ntI5XK/rrMqWoNxvznsKu/foHjzf
TLSH	T140E7336960099842CE89177E83580F9FD4FF2B0B7871F51D1AB72BAA467CCD387124DA
Magika	zip
Reporter	smica83
Tags:	NjRAT zip

Intelligence

File Origin

# of uploads :

# of downloads :

137

Origin country :

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:	Advertising Project Information for Campaign Execution.exe
File size:	20'997'216 bytes
SHA256 hash:	4b840844ce458265427c1d9f11917bd94b84561ae7add3252e56cfb8f567e305
MD5 hash:	183edf6dd1ef070eb3d386090354acaf
MIME type:	application/x-dosexec
Signature	njrat

File name:	version.dll
File size:	97'724'416 bytes
SHA256 hash:	4ed04f89d3a140e956ee6dd9a2c165ad736d83e1dee5663320f46b1bd75d0358
MD5 hash:	76a4c61a72aa4769b682633a4589a1a5
MIME type:	application/x-dosexec
Signature	njrat

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/eb65ee58-b0fc-4145-9240-94c8a449a2ce/

Verdict:

Malicious

Score:

90.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6936c955881313558a2b8039

Tags:

vmdetect

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/7178cb4b5d6ac88f5d775ec3f0e916343da1a646632a2b3d9f257029c7c65d79

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/7178cb4b5d6ac88f5d775ec3f0e916343da1a646632a2b3d9f257029c7c65d79

Verdict:

Malicious

File Type:

zip

First seen:

2026-02-02T20:54:00Z UTC

Last seen:

2026-02-02T21:13:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/7178cb4b5d6ac88f5d775ec3f0e916343da1a646632a2b3d9f257029c7c65d79/results?tab=lookup

Score:

Verdict:

Benign

File Type:

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Bolonyokte Create hunting rule
Author:	Jean-Philippe Teissier / @Jipe_
Description:	UnknownDotNet RAT - Bolonyokte

Rule name:	Check_OutputDebugStringA_iat Create hunting rule

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	Golang_Find_CSC846 Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	Mimikatz_Generic Create hunting rule
Author:	Still
Description:	attempts to match all variants of Mimikatz

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

Rule name:	skip20_sqllang_hook Create hunting rule
Author:	Mathieu Tartare <mathieu.tartare@eset.com>
Description:	YARA rule to detect if a sqllang.dll version is targeted by skip-2.0. Each byte pattern corresponds to a function hooked by skip-2.0. If $1_0 or $1_1 match, it is probably targeted as it corresponds to the hook responsible for bypassing the authentication.
Reference:	https://www.welivesecurity.com/

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

Rule name:	test_Malaysia Create hunting rule
Author:	rectifyq
Description:	Detects file containing malaysia string

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample