MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 831d7b676bb75c44df50f40798fe739cb07d4c0b1ee217a7e8fea443f7b00346. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 831d7b676bb75c44df50f40798fe739cb07d4c0b1ee217a7e8fea443f7b00346
SHA3-384 hash: a86fe659e7c509dd9d7267158970f7290473bc06a3653f83dd01a95a29df29b43de806bca24eae808171c9e67dc82632
SHA1 hash: 2c6583a86b29e4cfb12a8d2ea67855542b102a06
MD5 hash: fa976fd4ba38d31a2ff450289b214e97
humanhash: fish-william-single-whiskey
File name:In_WO072.vbs
Download: download sample
Signature njrat
Create hunting rule
File size:1'597 bytes
First seen:2021-08-17 15:15:59 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 24:rEEPdqnWa9SN5JPpUI0I2rWGItUIZOIIIPITI3uFIJwIEIfILdgcjacdgcquU2bD:3tRx2Ahn1wE+FIzhg3Nz
Threatray 88 similar samples on MalwareBazaar
TLSH T130317E0870335993EA06D42231A731DDBD312748AAFB8B71155EEA42AA409BF5C5CAB7
Reporter abuse_ch
Tags:NjRAT RAT vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
225
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/180122/
Result
Verdict:
MALICIOUS
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/834658
Signature
Creates an undocumented autostart registry key
Multi AV Scanner detection for submitted file
Sigma detected: CrackMapExec PowerShell Obfuscation
VBScript performs obfuscated calls to suspicious functions
Wscript starts Powershell (via cmd or directly)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/831d7b676bb75c44df50f40798fe739cb07d4c0b1ee217a7e8fea443f7b00346/
Threat name:
Script.Trojan.Valyria
Create hunting rule
Status:
Malicious
First seen:
2021-08-17 15:16:19 UTC
AV detection:
6 of 47 (12.77%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qmoxwz3lw5oejx2q6qdzr7tttsyh2tald3rbpj7i72seh55qanda._file
Verdict:
suspicious
Similar samples:
0b365ef77b8b8ed330a2e48b081a20d9eb5b275b276306e5b51615cf10821fe0
njrat
766d8e9d2d0de0a0ba2440a847e7eb7da3e69d51331e15a61ec1d25d3d92fc3e
njrat
7f1cd16cd2d2e5644752a3e0fd411c3902bad47051779d5bd539e9650f53787c
njrat
88614f9e923a5d979c64bee190f05f0932bc01f351ded417c59e1b2a92be560b
njrat
89aea7429e8634bbba4d97c8576adb9568cdf91830d15ecd2c34c5a290f7b83f
njrat
ce30c428376eac3095f203ebe88f94a38737dc82f2ad018b2ae6c8569b389c5a
njrat
d1b19d456e97bede86d5bbe8c09b027b00c330e568c0474abb3e60ad154bc62d
njrat
f44394f10dd10600a8f25093e76fac442c594ea85debf6bfea0933766529f747
njrat
ffec1862f56857ad722abbcb98be7af86f2cf0763371bcb40273f0d884157c32
njrat
+ 78 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210817-ysg7pkzens/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Blocklisted process makes network request
Malware Config
Dropper Extraction:
http://transfer.sh/1uYB7Ts/opls.txt
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/831d7b676bb7/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/831d7b676bb75c44df50f40798fe739cb07d4c0b1ee217a7e8fea443f7b00346

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

njrat

Visual Basic Script (vbs) vbs 831d7b676bb75c44df50f40798fe739cb07d4c0b1ee217a7e8fea443f7b00346

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/180122/

Comments