MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 733036ae8101048351d1cf684fe1bc02c1cf7a70725a470bec7cbd59a602738b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.ExtenBro

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	733036ae8101048351d1cf684fe1bc02c1cf7a70725a470bec7cbd59a602738b
SHA3-384 hash:	69fd02e8c96aacfe1b16821f89cb548bebab9317c30fde8a0e1c33de05b8ef0b56c2199031c06a59eb2727ac3734da06
SHA1 hash:	f23a8bc93d2fa26eae7e4ff6df8224c3868ad478
MD5 hash:	641ee46feae86010e3672f553ab4c282
humanhash:	tennis-earth-hydrogen-cola
File name:	733036ae8101048351d1cf684fe1bc02c1cf7a70725a470bec7cbd59a602738b
Download:	download sample
Signature	Adware.ExtenBro Create hunting rule
File size:	2'914'989 bytes
First seen:	2020-06-10 11:55:10 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4d17be67c8d0394c5c1b8e725359ed89 (5 x Adware.Generic, 4 x njrat, 3 x NanoCore)
ssdeep	49152:jmSaNsCJiKU0s4UOmnX1HYe8kDSt2BMQikKYBGsj11gRntD4RA:iSMsewfOmX14esCBNJJ+t82
Threatray	96 similar samples on MalwareBazaar
TLSH	18D533DA7750918BFF28FFF0A4BFAE1CA8A5C0CE5B2430471B0A8435CFA9950D653596
Reporter	JAMESWT_WT
Tags:	Adware.ExtenBro

Intelligence

File Origin

# of uploads :

1

# of downloads :

121

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Downloader.Soft32downloader-6691270-0

SecuriteInfo.com.PSW.Generic8.CDKL.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Wacatac

Status:

Malicious

First seen:

2020-06-10 11:33:22 UTC

File Type:

PE (Exe)

Extracted files:

151

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=omydnlubaeciguorz5ue7yn4ala466tqojneoc7mps6vtjqcoofq._file

Verdict:

malicious

Label(s):

agenttesla

Similar samples:

066752bd623ba4401c4f223b1d7d3367095632159cf758327e6fe7025d5d9a3c

Adware.ExtenBro

59b230d608d121a6969fa2eab41b020c57f99328319ebd92ef00cb4081562589

Adware.ExtenBro

72146e890efa1de6ee90e445ceb11ad9dc3b053fa5e82757756a393ee4617a77

Adware.ExtenBro

95a191b5e1728a1dc9a0007719ae7adba5be88b1ae5e8919185c91a201148a51

Adware.ExtenBro

b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b

Adware.ExtenBro

ba27536db363cf3a604908ecd21ca5b81b0b20e3f6f0447628b82e34240ae67a

Adware.ExtenBro

f41d910195a48409a0d7047fa3e9d2d62b19361c92f8f2f045d9a4ba7a0e869e

Adware.ExtenBro

f95573e18dd16600bedc2ab6917774a91603d5e90ae5deccfa969a8311802972

Adware.ExtenBro

f9b03c723f0707c47dc00e0d77ac55559d2cd07cd6b38a67126e535068ca05dc

Adware.ExtenBro

fe3e525b56aaa99c9716eb9a4b7a1884e8b1f35d38388268f627485532f25d60

Adware.ExtenBro

+ 86 additional samples on MalwareBazaar

Result

Malware family:

njrat

Score:

10/10

Tags:

family:njrat evasion persistence trojan

Link:

https://tria.ge/reports/201109-m8jkwtbrla/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies service

Adds Run key to start application

Loads dropped DLL

Executes dropped EXE

Modifies Windows Firewall

njRAT/Bladabindi

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample