MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 760f59b25bbdb98569b57ca18a132b7aee310746e40695c779eaedc3014d1b31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	760f59b25bbdb98569b57ca18a132b7aee310746e40695c779eaedc3014d1b31
SHA3-384 hash:	a4b3fbe83063651ee1005dd3a65b4803fe29045f6a84d9bc776626efd4535a5b74a4d685a778554cbe268d03cd146c1c
SHA1 hash:	2fe6cd9c9f01430b34f67cd92bd0717a5dee26f1
MD5 hash:	45e4def2260a312dc1a87265af83d484
humanhash:	fix-sixteen-cup-tennessee
File name:	2Fev3U9D.exe
Download:	download sample
Signature	njrat Create hunting rule
File size:	32'768 bytes
First seen:	2020-09-29 13:24:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	384:d0bUe5XB4e0XOOpjw0Q0mS03AWTxtTUFQqzFxObbl:OT9BuNC55dTbl
Threatray	31 similar samples on MalwareBazaar
TLSH	97E219067BE94215D6BC5AFC8CB313214772E3438532EB6F5CDC98CA4B676D00645EE9
Reporter	pmelson
Tags:	exe NjRAT

Intelligence

File Origin

# of uploads :

# of downloads :

175

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Njrat

Link:

https://www.capesandbox.com/analysis/66746/

Detection(s):

Win.Packed.njRAT-7445143-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

DNS request

Connection attempt

Result

Threat name:

Njrat

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/477437

Signature

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

Antivirus / Scanner detection for submitted sample

Contains functionality to log keystrokes (.Net Source)

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected Njrat

Behaviour

Behavior Graph:

Download SVG

Detection:

njrat

Link:

https://mwdb.cert.pl/sample/760f59b25bbdb98569b57ca18a132b7aee310746e40695c779eaedc3014d1b31/

Threat name:

ByteCode-MSIL.Backdoor.Bladabhindi

Status:

Malicious

First seen:

2020-09-29 13:26:06 UTC

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=oyhvtms3xw4yk2nvpsqyuezlplxdcb2g4qdjlr3z5lw4gakndmyq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200929-jkcgv4v1yn/

Behaviour

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

760f59b25bbdb98569b57ca18a132b7aee310746e40695c779eaedc3014d1b31

MD5 hash:

45e4def2260a312dc1a87265af83d484

SHA1 hash:

2fe6cd9c9f01430b34f67cd92bd0717a5dee26f1

Link:

https://www.unpac.me/results/869f3ac4-c463-453f-b510-4103201c014a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

NJRat

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/760f59b25bbdb98569b57ca18a132b7aee310746e40695c779eaedc3014d1b31

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

njrat

exe 760f59b25bbdb98569b57ca18a132b7aee310746e40695c779eaedc3014d1b31

(this sample)

Link

https://www.virustotal.com/gui/file/760f59b25bbdb98569b57ca18a132b7aee310746e40695c779eaedc3014d1b31/detection

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/66746/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample