MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8325ff9c585668aafee7499983616920d347b6e778c5c183484cb0aa5738f45d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobianRAT


Vendor detections: 7



SHA256 hash: 8325ff9c585668aafee7499983616920d347b6e778c5c183484cb0aa5738f45d
SHA3-384 hash: 58ffa85d783ef651425bf5218a88dfb74de2f6303bd178bc54af12751aa4f1b4ab1190ece9afcee5ff3babd334cd8185
SHA1 hash: 15174372056805d447a2a99b34e04ceef3f4c973
MD5 hash: f755142ef8a850daa4822d45bcdc1417
humanhash: arkansas-illinois-edward-table
File name: njRAT
Signature: CobianRAT
File size: 30'720 bytes
First seen: 2020-07-24 10:57:52 UTC
Last seen: 2020-07-24 12:08:32 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 384:5tx3heisOZUm8IkcZPR6VV2PE0csv34BdlOtVNvpSIw39q0rDP2kMK6KUkyoseNQ:Xn3EkZPR6V8ZvIBdgPoDJ0Y+No6YW
Threatray: 11 similar samples on MalwareBazaar
TLSH: 96D24B8863E18A32C97E577B05B3926013F48F13D617EB5F4ED4B4A92FB37114A90A63
Reporter: JAMESWT_WT
Tags: CobianRAT

Intelligence


File Origin
# of uploads: 2
# of downloads: 113
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a file
Deleting a recently created file
Enabling the 'hidden' option for recently created files
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Unauthorized injection to a recently created process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun with Startup directory
Enabling a "Do not show hidden files" option
Result
Threat name: Unknown
Detection: malicious
Classification: troj.adwa.spyw.evad
Score: 100 / 100
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-07-24 10:58:04 UTC
File Type: PE (.Net Exe)
Extracted files: 6
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Suspicious use of WriteProcessMemory
Adds Run key to start application
Drops startup file
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
