MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73e77b09006d9dd538a7b4b3a89c9918a6dcb7e93fe6fb9d65341acb09318233. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 5

SHA256 hash: 73e77b09006d9dd538a7b4b3a89c9918a6dcb7e93fe6fb9d65341acb09318233
SHA3-384 hash: 58515fc83c04e79f10127d6a5bc1922882f676f306cfffe3a96e68b8e826e39d9e25be4d2d1f344d6769f7dbb58c5b21
SHA1 hash: 0b4a205d0486a37297935067dfd6c85bc021c7eb
MD5 hash: d18c1d6f3402a0eb4cc9a06b25bae82b
humanhash: seventeen-crazy-nine-arkansas
File name: 73e77b09006d9dd538a7b4b3a89c9918a6dcb7e93fe6fb9d65341acb09318233
Signature: njrat
File size: 535'040 bytes
First seen: 2020-11-10 10:53:35 UTC
Last seen: 2024-07-24 16:08:27 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep: 12288:DDDXxb9CjUtya6BSG6bJ4DXbNl4vbltXaa5K1Uyk3uMKO5PCMEp/k:DvXNJtypBSLqVU
Threatray: 58 similar samples on MalwareBazaar
TLSH: E8B418AD725036EFC867C972CEA81C64EB9074BB930BC247906315ADAE4D997DF140F2
Reporter: seifreed
Tags: NjRAT

Intelligence

File Origin
# of uploads: 2
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Adding an access-denied ACE
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Unauthorized injection to a recently created process
Creating a file
Creating a window
Sending a UDP request
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.Ymacco
Status: Malicious
First seen: 2020-11-10 10:55:55 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Note that only results from TLP:CLEAR rules are displayed.

Rule name: Keylog_bin_mem
Author: James_inthe_box
Description: Contains Keylog

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments