MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91a51c0ed7c1cf2e5d3fdb73e6f99e13745f036d5bfbf6d8df47df154eacbf37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 7


Intelligence 7 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 91a51c0ed7c1cf2e5d3fdb73e6f99e13745f036d5bfbf6d8df47df154eacbf37
SHA3-384 hash: ef783e3198d57fd18ea0a1c09c1f5521f0023f2ba487a9779f8ce7f54ac008d5fc14bd1dc7ac8bb909495ed1a6e2b2b5
SHA1 hash: 5836252d680cc35dcb6c815af1f753140c100660
MD5 hash: 27c64ab93bfb9bb8c8151bbeca141655
humanhash: speaker-hamper-snake-east
File name:27c64ab93bfb9bb8c8151bbeca141655.exe
Download: download sample
Signature njrat
Create hunting rule
File size:382'976 bytes
First seen:2021-04-02 20:25:30 UTC
Last seen:2021-04-02 20:47:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:0bTP9U02w4QeRffd/pcL6pynUVg0Dr769mxXf+hC1W+/psvCC1amK:902w4QeRffd/pcL6pyUV5DNtm4m
Threatray 80 similar samples on MalwareBazaar
TLSH BA84B409AF6B9A95C29D82F9E0014051CBFDE690A94FF3CD18C5B9F03457B3A1DD29A3
Reporter abuse_ch
Tags:exe NjRAT RAT


Avatar
abuse_ch
njrat C2:
23.105.131.228:5355

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
23.105.131.228:5355 https://threatfox.abuse.ch/ioc/6587/

Intelligence

File Origin
# of uploads :
2
# of downloads :
251
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
27c64ab93bfb9bb8c8151bbeca141655.exe
Verdict:
No threats detected
Analysis date:
2021-04-02 20:27:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b87d74e3-029b-4dc8-8de7-046c1a0c8368

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/131873/
Detection(s):
SecuriteInfo.com.Mal.Generic-S.8793.11723.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Enabling autorun by creating a file
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3a3ba05e-3595-4dd8-8179-76e02487a084
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.adwa.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/664031
Signature
.NET source code contains potential unpacker
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses dynamic DNS services
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/91a51c0ed7c1cf2e5d3fdb73e6f99e13745f036d5bfbf6d8df47df154eacbf37/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2021-03-31 00:11:00 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sgsrydwxyhhs4xj73nz6n6m6cn2f6a3nlp57nwg7i7prktvmx43q._file
Verdict:
malicious
Similar samples:
0712880b972cad9ec58187e7539ff826d2113ce5b48fbbe030a850811b32b921
njrat
5c4f702528c6a34f0088c459cacf963576aa1de96ca1d0b67becb5a11be579a3
njrat
8e3f5fd5bee4accb8b97a189288698796ef58595077f8598725f125c58b70485
njrat
9f1a15d397da38beca711d36c64eb697a9947bbf3a16b62809063a94f8eb0129
njrat
b295967168e9fc2f06437a12689122301171650aa213095bda2c1260d8f3c607
njrat
c08b6cb15ec45d44bde739241acb6403f92bffc565a006c11cbfb4f9c10806e1
njrat
d3de0cc9a70052bbc7f3711c6b3564d8492a5fd96c9055507959940a38aa76a1
njrat
eedded196860d1ef5a143268a85bc3951af23e55da8c12b8b1b58b42b9f443f1
njrat
f1c317dfe16f1857fe9df96ce966a07d3ca86680c39ae8e892277b78995cceb3
njrat
fad5d998c52c536d0ee9053d7f6a1d7dd2bd11d3cc91af90992cc08a70bc33eb
njrat
+ 70 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210402-p9wf7ygq2x/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops startup file
Unpacked files
SH256 hash:
91a51c0ed7c1cf2e5d3fdb73e6f99e13745f036d5bfbf6d8df47df154eacbf37
MD5 hash:
27c64ab93bfb9bb8c8151bbeca141655
SHA1 hash:
5836252d680cc35dcb6c815af1f753140c100660
Link:
https://www.unpac.me/results/14185ac7-bc11-425c-805b-5740d296259d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
NJRat
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/91a51c0ed7c1cf2e5d3fdb73e6f99e13745f036d5bfbf6d8df47df154eacbf37

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/131873/

Comments