MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8da277d229f4f957841a556c88217fb66773203b1382a0673b2895a6a45e65cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 6



SHA256 hash: 8da277d229f4f957841a556c88217fb66773203b1382a0673b2895a6a45e65cd
SHA3-384 hash: 507dc3c222845e893c07f4259e99b31129b216a76c2dbb64819226bac3b1f85189d24049a0498aed925c65b13f3ccb12
SHA1 hash: fdd2f0ccaa1efdd4f02ff5a41d1cc9e86b170c0e
MD5 hash: 6b8441b3e15b6a2803f93a1c8c684bb9
humanhash: wolfram-sink-happy-king
File name: 8da277d229f4f957841a556c88217fb66773203b1382a0673b2895a6a45e65cd
Signature: njrat
File size: 465'180 bytes
First seen: 2020-07-06 06:55:06 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ab6770b0a8635b9d92a5838920cfe770 (84 x Formbook, 30 x AgentTesla, 15 x Loki)
ssdeep: 3072:W7QIVP/YnWKcxP0lzO3J/JC+gZS8uURCFKiN9noBlhWDEdn5Dc+B1:YFHhzP0lzO3J/JCfS8unFK4CFWDknW+f
Threatray: 2'086 similar samples on MalwareBazaar
TLSH: 21A471DD984A3649E767B9F84634EC5254AE2C2E5C4B001933FF36A598B3687CE0784F
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 138
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Creating a process from a recently created file
Creating a process with a hidden window
Creating a window
DNS request
Launching the process to change the firewall settings
Connection attempt to an infection source
Threat name: Win32.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-07-03 00:46:52 UTC
File Type: PE (Exe)
Extracted files: 4
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
NSIS installer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
