MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cb5ccee62cb939a88f8ee36da47518c7c11eef0378b4ce9e678502bd83dd5aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 7

Intelligence 7 IOCs 1 YARA File information Comments

SHA256 hash:	8cb5ccee62cb939a88f8ee36da47518c7c11eef0378b4ce9e678502bd83dd5aa
SHA3-384 hash:	bca2f12e5b2658152f2101494e1cde88133e3a24eab34dd2850fb9196925c3480492ea1ac3148621e6e3cf08a8e6d9a4
SHA1 hash:	c62d0dccaa3a0434e35a1d7f299893c9118d16e5
MD5 hash:	07de416d6093c63451a07477bc9f790a
humanhash:	robin-uranus-jig-magazine
File name:	07de416d6093c63451a07477bc9f790a.exe
Download:	download sample
Signature	njrat Create hunting rule
File size:	470'016 bytes
First seen:	2021-04-02 20:10:20 UTC
Last seen:	2021-04-02 20:48:01 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	6144:c9b+3eMQM/aMOZabe3h1PtRjAqmYVNf3yTXcYBbt6KMBhuW/psvCC1amK:13F/aMDb8BtRjA7XcYNclBtm4m
Threatray	7 similar samples on MalwareBazaar
TLSH	CDA45C142BFC9A3ACE6E83FFA091041083F8B565E643E30E5AD4B2B11DB7761F892557
Reporter	abuse_ch
Tags:	exe NjRAT RAT

abuse_ch

njrat C2:
23.105.131.228:5355

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
23.105.131.228:5355	https://threatfox.abuse.ch/ioc/6587/

Intelligence

File Origin

# of uploads :

2

# of downloads :

244

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

07de416d6093c63451a07477bc9f790a.exe

Verdict:

No threats detected

Analysis date:

2021-04-02 20:11:15 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a68cc297-cb8b-4190-bb31-581c2e410b86

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/131871/

Detection(s):

SecuriteInfo.com.Mal.Generic-S.27969.19076.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Creating a file

Enabling autorun by creating a file

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

njRAT

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4b02ac9d-b052-4196-92f1-a8aeaceaa75b

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.adwa.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/664037

Signature

.NET source code contains potential unpacker

Drops PE files to the startup folder

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Uses dynamic DNS services

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8cb5ccee62cb939a88f8ee36da47518c7c11eef0378b4ce9e678502bd83dd5aa/

Threat name:

ByteCode-MSIL.Backdoor.Bladabhindi

Status:

Malicious

First seen:

2021-04-01 22:23:52 UTC

AV detection:

7 of 45 (15.56%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=rs24z3tczojzvchy5y3nur2rrr6bd3xqg6fuz2pgpbicxwb52wva._file

Verdict:

malicious

Similar samples:

4e890d4e6329b4ea3bc61d458e727a81cdf9358d6b5bedbd290aa85ed7a189d1

5c4f702528c6a34f0088c459cacf963576aa1de96ca1d0b67becb5a11be579a3

9f1a15d397da38beca711d36c64eb697a9947bbf3a16b62809063a94f8eb0129

b295967168e9fc2f06437a12689122301171650aa213095bda2c1260d8f3c607

d6dfc8d8b84320da79091eba6ebef43745ac7140e8c7006304131518c24393b9

eedded196860d1ef5a143268a85bc3951af23e55da8c12b8b1b58b42b9f443f1

f9cb1efeadb768deb9b9fb669249b1b7bc242ee6fd3462b326ffcdeea42a657b

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/210402-sp4are8g7n/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops startup file

Unpacked files

SH256 hash:

8cb5ccee62cb939a88f8ee36da47518c7c11eef0378b4ce9e678502bd83dd5aa

MD5 hash:

07de416d6093c63451a07477bc9f790a

SHA1 hash:

c62d0dccaa3a0434e35a1d7f299893c9118d16e5

Link:

https://www.unpac.me/results/740c39fc-5124-4684-96bb-3720b9bf263c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.49

Link:

https://yomi.yoroi.company/submissions/8cb5ccee62cb939a88f8ee36da47518c7c11eef0378b4ce9e678502bd83dd5aa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/131871/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample