MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 845d91eb6a8f0a630970249fad1e3aefade136454021298e14653bd5c35b52b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 845d91eb6a8f0a630970249fad1e3aefade136454021298e14653bd5c35b52b1
SHA3-384 hash: 180dc02b72da67ed2f9cfb58b61551a1846513f3c5ed730e40e0bf2ce9fc5d6249c3b613ca511f1f2b6dbee783ce3e0c
SHA1 hash: 25d7339e3a442e193f80ad50294e27f569e8d582
MD5 hash: 68ee90b835d57fdc75617c4e699177a0
humanhash: dakota-one-wolfram-two
File name:845d91eb6a8f0a630970249fad1e3aefade136454021298e14653bd5c35b52b1
Download: download sample
Signature njrat
Create hunting rule
File size:361'472 bytes
First seen:2020-07-06 07:02:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:NvyIhQ2+NnAIBi2GhNQC0chT6a6rVJ/B9bE/9KI1UP+j:NvM22nAIg2iNQvchT6a6rVFvE/0I/j
Threatray 40 similar samples on MalwareBazaar
TLSH 4A74197277EC560EF23B65744BA0F144AEF5EA6A1311E74E3C12124D18E6E828F72637
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
169
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/21004/
Detection(s):
Win.Packed.Bladabindi-7082976-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Creating a process from a recently created file
Creating a process with a hidden window
Creating a window
Connection attempt
Launching the process to change the firewall settings
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun with Startup directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/845d91eb6a8f0a630970249fad1e3aefade136454021298e14653bd5c35b52b1/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 01:44:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qrozd23kr4fggclqesp22hr256w6cnsfiaqstdqumu55lq23kkyq._file
Verdict:
suspicious
Similar samples:
04a4d40515b77903bb9472b01aaf951f059236999665e847a660ed99d929b78b
njrat
06eedbf28decc091bf9b743dfcbd8314a1a44cac862681d543f458604ec5c6b6
njrat
7657c4fe9e815bc0f3feb18ce27b913cc29e48977d704b9af288c3895fa72cf8
njrat
7a86d926fd487fdf9abd3d0f7edb88580203e78c95a252c6d246f27d9c23428f
njrat
8bbb8fe69100550248f4663e911a16bca03432bef9112dd0924d7a9c3dae8464
njrat
b9f183918ce6878943fa07f7522c0ca894ea454d5616fa387374e414dc935ee7
njrat
e2136c8268bb5be4fe2a295a9bb9250c00437452cd3d65822290e3a68b1fb94b
njrat
e3e23a1867df6b2aebe2c2147de72833f24eebb7ad203bd5ab404a3e65e75c83
njrat
e4cdb94099f1ea5610412795ecf5a825b52e4f3d239256d76bff88105fe4acf8
njrat
e985fab8925af2db36a85b6695c0fbbf70a59fd7bb9de245987667ed6aa9ffc6
njrat
+ 30 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
trojan family:njrat evasion persistence
Link:
https://tria.ge/reports/200706-vt4hy3ltgn/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/21004/

Comments