MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90f6d27c8269a6dbbfbcd3c6735ae51bcc1942defd21c547004b33265e85b7e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 90f6d27c8269a6dbbfbcd3c6735ae51bcc1942defd21c547004b33265e85b7e2
SHA3-384 hash: 69b5d876bff04dbcb04da085ab7c38f0b66d279ac5575634d77fc11fe1dd61ef4ddf44c4557a78a0fa7fb779fcef87eb
SHA1 hash: 92bc89bdc160f537a29cfb2377b51eca157b10bd
MD5 hash: b8e0543b8f867e5bc2b15bc003aeeece
humanhash: hot-september-blossom-spaghetti
File name:Gaa2vyNM.exe
Download: download sample
Signature njrat
Create hunting rule
File size:163'328 bytes
First seen:2020-03-29 23:56:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 3072:4+brOcj5x8PXwvepOOThDglEJFwhz1QxAPmP3Q:l84mpOOClUFCQxbP3
Threatray 151 similar samples on MalwareBazaar
TLSH 74F3D82F7688CB15DE542C71C4DBA53003D5AECB1B33E24A3F49265D1D423E79E4AA8E
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/Gaa2vyNM

Intelligence

File Origin
# of uploads :
1
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Bladabindi-6862380-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 00:35:24 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
28 of 31 (90.32%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sd3ne7ecngtnxp542pdhgwxfdpgbsqw67uq4kryajmzsmxufw7ra._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0f6ab91e876a548f6434c6be14fa607768a597430b226d586cf428da94ab931c
njrat
37a1dca413bedca841a9a633c04c77df208a7dcef64a26c799d01078805f8774
njrat
43a0c2443d1a63d4cc498bae9d459590b37379d5dd57a625545fa484a99d3fb6
njrat
4e890d4e6329b4ea3bc61d458e727a81cdf9358d6b5bedbd290aa85ed7a189d1
njrat
9da009d5ba4d56b1ea8360698a817fe6e321964998ed68ce40d0ce14b4c49762
njrat
a0de65c408284dfddf6318980b138aa05015686c4371853070500ff84d18cd50
njrat
a40f7767aa2fd1c3efe1fc0f0178088d1640d1a2fd5b4d4b075f8bbff43ccfd8
njrat
b8fbf85d1eab97ed168f99eb07d13294594675a051c2056b5374630d81fd974d
njrat
c994005280c186f67dc644ffbe88a9fcf43f45b16605c3f51a138dfc262b4c50
njrat
d873f30f48805a3dbab8c976665c26fc9c661e23f3b82f143fdd7346268b595a
njrat
+ 141 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/Gaa2vyNM

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments