MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 905093419606a40ac3ab198e8c905607453c7a8cf013f44cb410922662826f21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 6



SHA256 hash: 905093419606a40ac3ab198e8c905607453c7a8cf013f44cb410922662826f21
SHA3-384 hash: 4fd0b59279da97c6b16c62e048a3fcaaeb8bb493ae7f94aee40b9782778d2f4e295e0d5c854352f0fc102c4f4a918db0
SHA1 hash: 6584ea2a81698ec8b64a2f75a5979095265b19f4
MD5 hash: 6384dbe116edc01158d7796bb44b5165
humanhash: connecticut-potato-steak-sad
File name: 905093419606a40ac3ab198e8c905607453c7a8cf013f44cb410922662826f21
Signature: njrat
File size: 91'136 bytes
First seen: 2020-06-29 07:46:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 768:hUZ8d0y5QvMfpd8ByNbUbtKWDsv0sUWMpj9YAkEdeTvqp7tmIfzOQGSFJr:aZ8dx5wMyyNbUbov0NpjDIqptm9QtF5
Threatray: 6 similar samples on MalwareBazaar
TLSH: 1D93E708FBA9B415C40C0634CB6A89B18EB5ADC1BC171BFA7DB1F46E1AF2D6955034BC
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-06-29 07:11:14 UTC
File Type: PE (.Net Exe)
Extracted files: 2
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: evasion persistence trojan family:njrat
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments