MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90fc19cf116053e010661e4e5ca83f20775e115bcc8c8ab37a1e6893cc5a9579. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	90fc19cf116053e010661e4e5ca83f20775e115bcc8c8ab37a1e6893cc5a9579
SHA3-384 hash:	57fa390655d57deb5154c5f0f64ee2e0998bc6789e464665b29019a15499dd8076f81cf3bf4e5dc1e00f11e659d9b18e
SHA1 hash:	042ea0dcc1ac70261d2c206cccbd117fcfdd15a5
MD5 hash:	053c655ad0033524f607a63ff8d88b2c
humanhash:	leopard-sodium-bravo-uncle
File name:	90fc19cf116053e010661e4e5ca83f20775e115bcc8c8ab37a1e6893cc5a9579
Download:	download sample
Signature	njrat Create hunting rule
File size:	169'472 bytes
First seen:	2020-11-15 22:44:53 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	720f62ecaae027b5c3ec6686644322e9 (12 x njrat, 8 x RevengeRAT, 4 x AgentTesla)
ssdeep	3072:ORCUDtzS/pLlHqefS6TBfFvj4bq57eX20mwu9z1c:OHDt2/ptqO3TB9vj48jT9K
Threatray	67 similar samples on MalwareBazaar
TLSH	91F3AE10B5C0C2B3D4BB013648E6CF369A26353A17AF95D3FB992FA66D113D096353CA
Reporter	seifreed
Tags:	NjRAT

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a process with a hidden window

Connection attempt

Launching the process to change the firewall settings

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/90fc19cf116053e010661e4e5ca83f20775e115bcc8c8ab37a1e6893cc5a9579/

Threat name:

Win32.Trojan.Ymacco

Status:

Malicious

First seen:

2020-11-15 22:45:34 UTC

AV detection:

21 of 28 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=sd6bttyrmbj6aedgdzhfzkb7eb3v4ek3zsgivm32dzujhtc2sv4q._file

Result

Malware family:

njrat

Score:

10/10

Tags:

family:njrat evasion persistence trojan

Link:

https://tria.ge/reports/201115-4wss94q3ja/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies service

Modifies Windows Firewall

njRAT/Bladabindi

Unpacked files

SH256 hash:

90fc19cf116053e010661e4e5ca83f20775e115bcc8c8ab37a1e6893cc5a9579

MD5 hash:

053c655ad0033524f607a63ff8d88b2c

SHA1 hash:

042ea0dcc1ac70261d2c206cccbd117fcfdd15a5

Link:

https://www.unpac.me/results/7f8a2dcb-ee78-4e93-a0f9-1585f37aef54/

SH256 hash:

65423698d425509ce46bec6dc90a2b3069ff38a1dd4e46cde9c3bb9aff48cb8b

MD5 hash:

0a1995a505f251187f7a8b554b76c203

SHA1 hash:

f28b367ade208fed0fd40c31a111d027c9a36826

Link:

https://www.unpac.me/results/7f8a2dcb-ee78-4e93-a0f9-1585f37aef54/

SH256 hash:

f732768688eca7758364f3be904497695553a4abe4dbc2af65a1350498af2a83

MD5 hash:

ee34f9ef83d225a393421ed9ddc5852f

SHA1 hash:

53d8f6340165fdf105ec92108282d2bebaf53b10

Detections:

win_njrat_w1

win_njrat_g1

Link:

https://www.unpac.me/results/7f8a2dcb-ee78-4e93-a0f9-1585f37aef54/

Parent samples :

a4f850f05002e8a41697eb5b6d524c84a01a909696e41a2069834282779f9476
0cb7277fd5cb75df55a555c44d74cc513738a27578e0524bc8db9848968c2ac7
cebc70d2a5836d2a510eaf274a8e4e2e1ca815aa14fe31406cd05fda7ea7220b
90fc19cf116053e010661e4e5ca83f20775e115bcc8c8ab37a1e6893cc5a9579
deade334881a19f7363e189942a7870f8c5802731c3612bf014dacb78c4b5dc7
0fabf11cf290585e0c8bdb8e7842db113eed697996381a4693439b9009916930
a73fccf6d081c208ac2eedcca5361caa5599ae136bbda047b3d70f2857c81fc7

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/90fc19cf116053e010661e4e5ca83f20775e115bcc8c8ab37a1e6893cc5a9579

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample