MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 812464aa0dfc28db563abf6f12caba88f4c8998ad5813741b781c3ddbcba1eaf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 812464aa0dfc28db563abf6f12caba88f4c8998ad5813741b781c3ddbcba1eaf
SHA3-384 hash: 9289d248f508669ad2636c3b23e95908bd4a8871b2c1f3678915de8052b9b8c7d5827f32dd88945ef2da366c9a74a29a
SHA1 hash: 1b610c0bca5caf1e5bdcd409949c269b7e51313d
MD5 hash: 22ae02a0257adbbf653910e99f3cf6cc
humanhash: jersey-green-august-november
File name:bunzipped
Download: download sample
Signature njrat
Create hunting rule
File size:140'288 bytes
First seen:2020-06-17 05:23:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 3072:s59ZqNXGJoDAsdXMuhuz+bAd7j5+XpidGClihmQi:ccG2DAoIz3nFdBi
Threatray 130 similar samples on MalwareBazaar
TLSH 17D3BF0D36AC5339CA7C9B3C98F126440BF8A967B512EB5D9E8431EB1C63BC55A42F13
Reporter abuse_ch
Tags:bunzipped NjRAT Outlook RAT


Avatar
abuse_ch
Malspam distributing njrat:

HELO: NAM10-BN7-obe.outbound.protection.outlook.com
Sending IP: 40.92.40.62
From: roselveth mosquera vargas <roselmos@outlook.com>
Subject: Convenio Arreglo De Pago Comparendos Vencidos.
Attachment: Convenio de PAgo.exe.bz2 (contains "bunzipped")

NjRAT C2:
medallos.duckdns.org:2054 (46.246.80.66)

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/19023/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.gc.5761.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 00:56:24 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qesgjkqn7qunwvr2x5xrfsv2rd2mrgmk2watoqnxqhb53pf2d2xq._file
Verdict:
suspicious
Similar samples:
008d79b95dd17c51b103bf87aabf1e5a3ecff06c2ff26a5b5bce23ac1e0dda9c
njrat
21d9e401be93fb1a1493982cf1fa97e48682276f59f1def70b01d3b867fa1ad1
njrat
46f159db9dfbeacf681e8342cfd8ba72a008f044913e16103d900001a9bbcc88
njrat
4825b8a8ead48a62ae66a5ae53259dc01dc96d2456497802bd7e942ac390b79d
njrat
494f9dd6446590e875fa54a866cfc76c795f19722f2842d14d82590de96b6b68
njrat
50a183b6130552c9a7613ec0f2d81eba5731d4166e92d5249c2ab81e32d4026d
njrat
71c6097bb3d8fe7f3ae754bb013fc7db78c48a5a4da2a855878ffe444d40ac02
njrat
d11f8cd2987a718cc9d0bd9de289ee8d90555115cb9d03fdc8f0b930898e4a75
njrat
d49621996ba7b43c8d7cb35403ccbb13c50f1a1dddc9492ce7a74abd8597a115
njrat
f72f6b3b804113ed4ae77c2feb03a05f2537e6bcbb2da27c4627e2d80fc31260
njrat
+ 120 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-qpe683w7nn/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

njrat

1f6e992bb9f1e4ba2640df7f5f44036fd70696c9b3f3d7a18562bb28fbf3b0e2

njrat

Executable exe 812464aa0dfc28db563abf6f12caba88f4c8998ad5813741b781c3ddbcba1eaf

(this sample)

  
Dropped by
MD5 70e3896b13db4db7b682f7beb9c00511
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1f6e992bb9f1e4ba2640df7f5f44036fd70696c9b3f3d7a18562bb28fbf3b0e2
Cape
Cape
https://www.capesandbox.com/analysis/19023/

Comments