MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b8737c1334e0ed07632ae06bf455a47ca63ed00b8dc3633d09b028c91868405. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7b8737c1334e0ed07632ae06bf455a47ca63ed00b8dc3633d09b028c91868405
SHA3-384 hash: 94c3b304b4cf82e9bb620046af1cd4d8c264db43484195586cf204f1de4bfb54508cd6eefa89cbbcd01e7d1c40d3fb55
SHA1 hash: f6398ceec992ccd223b92a7393ca27a0d91ffea5
MD5 hash: b6c5d5370d3afe4e8fb4e53d883e39aa
humanhash: oven-asparagus-charlie-georgia
File name:7b8737c1334e0ed07632ae06bf455a47ca63ed00b8dc3633d09b028c91868405
Download: download sample
Signature njrat
Create hunting rule
File size:3'223'552 bytes
First seen:2020-06-10 07:31:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 24576:8qRDe2h9BiCJZvnCHJh6RXinKgUByYiv5BMSfO7nGUyCHdYfMoXX3vlGc+FuEZIk:De2h7Zs5mSfGCmYU6X3vbcIHTPOxqX0
Threatray 880 similar samples on MalwareBazaar
TLSH 7FE54B12B285747AC46E0635497BDA74A93F7E6126128C0B67E01C8FFF365413E3A62F
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Graftor-6878643-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 13:37:53 UTC
File Type:
PE (.Net Exe)
Extracted files:
48
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=podtpqjtjyhna5rsvydl6rk2i7fgh3iaxdodmm6qtmbizemgqqcq._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
00f56b143485687fdd42390f99f032368bb38634454dac6774a29645860500aa
njrat
1428aeb0bca8d34f82f582304a44a2a2fba9772f9d66d26b7b8846f3c338db45
njrat
19bffd1ad2b3815d2a25e20c7e04c192c0c83fe4fbc074aecb3d29840ca5abab
njrat
24c45d8836f92e0db911917f0d1d94628b63f7e4dd7ae192202a4238173eb902
njrat
443acbef4ff1a33a79660c70bd56cc0bcf9f1a4d3c471d08e385e206632dc5e8
njrat
70485cf8fc6fc5743edd79d31f7d33238afd3209c3d1ee33a369b04f39f9ffc1
njrat
7e9ac02ef55086007fea1eba1e4def949e86a5ac3eacdb4d5952c6bb5a91a712
njrat
c9cb003018cd18be086e5bda1d5202198362aa3b4ddbb7da64ec58be2632627a
njrat
c9d97c9102efc732acc298fe4700df8977d7014543dff57210a81e8ab613fa16
njrat
cdf962c137cd25e29e5aa4c7dd56ea86b67f136d771cf20b9bebb1b6df4ded5e
njrat
+ 870 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
family:njrat evasion persistence trojan
Link:
https://tria.ge/reports/201109-38n5c3356e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies service
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments