MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b038ad84a4c75c08baee7fedcf154cc6e292d697e3c5abcf72b4c83a150318a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 3



SHA256 hash: 8b038ad84a4c75c08baee7fedcf154cc6e292d697e3c5abcf72b4c83a150318a
SHA3-384 hash: 1e4702b8a707a81f675839123ac58bbaf5aaa93e30909580e4e5a766f6d9d253b9fc7068e3218800b9e52cec5a9f6a67
SHA1 hash: 8af0b9692a224d4ab9450554af335dbbf3b6f3b4
MD5 hash: 9bd1949c943c02482f7ce0d5b01b2b19
humanhash: jersey-michigan-oregon-happy
File name: 8b038ad84a4c75c08baee7fedcf154cc6e292d697e3c5abcf72b4c83a150318a
Signature: njrat
File size: 415'232 bytes
First seen: 2020-06-10 07:44:50 UTC
Last seen: 2020-06-10 09:18:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'652 x Formbook, 12'246 x SnakeKeylogger)
ssdeep: 192:lJwKOX+9O5e2jAo5W7KYKhReDzTFFfIDNQnzodgK1pNi9yNpNi9yNpNi9yNpNi9B:Rmyo5W7KYKezWQz53KU
Threatray: 32 similar samples on MalwareBazaar
TLSH: 0C94A4B337D422E3DBC6E611691AD843193F4ECA8791D89C75B1CC4A7EA6F01C49D2B8
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 2
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.SpyGate
Status: Malicious
First seen: 2020-06-03 03:31:00 UTC
File Type: PE (.Net Exe)
Extracted files: 3
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
