MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91b17a7ee859b19e35795d6cc3446562d59d00a821fd03697d87f4b2b49efebe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 3



SHA256 hash: 91b17a7ee859b19e35795d6cc3446562d59d00a821fd03697d87f4b2b49efebe
SHA3-384 hash: ea4850e7ec6db7db372799a48593b7ee029efb3d9fe99986a4e36478d9c80ae15131c7e6a0b35fe57a666e895f3e1653
SHA1 hash: 12bc115a74ce3ab616fa8a0721f3eaa5feeee656
MD5 hash: b8ec1d791041ad9e4031c062f17be55c
humanhash: robert-yellow-green-summer
File name: WOT565-16BOB-PDF.GZ
Signature: njrat
File size: 196'906 bytes
First seen: 2020-08-05 12:04:09 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 3072:jVDTNIT9vgPIJxhOLC6dRTUDDIrtPqy8VNsIRjCzqMNlmSY5NkdE/HNp:xi9YgxhOL5oePm9RSRzmS0kdYHNp
TLSH: 9914232052C4066353E26B3A27D0B4DF30E4378623B5D5DBEB288FA1F951688CE9077B
Reporter: abuse_ch
Tags: ESP geo gz NjRAT RAT Santander


abuse_ch
Malspam distributing njrat:

HELO: mail119.areaproject.net
Sending IP: 185.55.249.119
From: Factoring y Confirming - Grupo Santander <fycout@gruposantander.com>
Subject: Confirming - Aviso de pago
Attachment: WOT565-16BOB-PDF.GZ (contains "WOT565-16BOB-PDF.exe")

NjRAT C2:
yenhack.ddns.net:16051 (216.38.2.193)
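The comment above describes the lure as a "PDF"-named archive that carries an .exe, and the entry itself records File type gz but MIME type application/x-rar, so the extension cannot be trusted. The script below is an added triage example, not code from MalwareBazaar or abuse.ch: it hashes an attachment against the IOCs listed on this page, compares the claimed extension with the container's magic bytes, reads the member name out of a gzip header (RFC 1952 FNAME field) to catch an executable inside a document-named archive, and intersects observed hosts with the network IOCs. The lure-word list and the in-memory stand-in sample are constructed so it runs offline; the real 91b17a7e... file is not embedded.

```python
"""Offline triage of a mail attachment against the IOCs on this page.
Added example; the sample bytes are constructed, not the real malware."""
import gzip
import hashlib
import io
import os

# Indicators copied from the MalwareBazaar entry above.
IOC_HASHES = {
    "sha256": "91b17a7ee859b19e35795d6cc3446562d59d00a821fd03697d87f4b2b49efebe",
    "sha1": "12bc115a74ce3ab616fa8a0721f3eaa5feeee656",
    "md5": "b8ec1d791041ad9e4031c062f17be55c",
}
IOC_NETWORK = {
    "yenhack.ddns.net",         # njRAT C2 hostname
    "216.38.2.193",             # njRAT C2 IP
    "185.55.249.119",           # malspam sending IP
    "mail119.areaproject.net",  # malspam HELO
}

# Magic bytes for the container formats this check distinguishes.
MAGIC = {b"\x1f\x8b": "gzip", b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip"}
EXT_TO_CONTAINER = {".gz": "gzip", ".rar": "rar", ".zip": "zip"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".vbs", ".js"}
DOC_LURE_TOKENS = ("pdf", "doc", "xls", "invoice")  # assumed lure words, not from the page


def detect_container(data: bytes) -> str:
    """Identify the archive type from magic bytes, ignoring the file name."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def gzip_member_name(data: bytes):
    """Return the FNAME field of a gzip header (RFC 1952) or None.
    Layout: 10 fixed bytes, optional FEXTRA (FLG bit 2), then FNAME (FLG bit 3)
    as a NUL-terminated latin-1 string."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flg, pos = data[3], 10
    if flg & 0x04:  # FEXTRA precedes FNAME
        if len(data) < pos + 2:
            return None
        pos += 2 + int.from_bytes(data[pos:pos + 2], "little")
    if not flg & 0x08:  # no FNAME stored
        return None
    end = data.find(b"\x00", pos)
    return None if end < 0 else data[pos:end].decode("latin-1")


def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("sha256", "sha1", "md5")}


def triage_attachment(filename: str, data: bytes) -> list:
    """Return human-readable findings for one attachment."""
    findings = []
    for alg, digest in file_hashes(data).items():
        if IOC_HASHES.get(alg) == digest:
            findings.append(f"{alg} matches the known njrat sample")
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    container = detect_container(data)
    claimed = EXT_TO_CONTAINER.get(ext)
    if claimed and claimed != container:
        findings.append(f"extension {ext} claims {claimed} but magic bytes say {container}")
    if claimed and any(tok in stem.lower() for tok in DOC_LURE_TOKENS):
        findings.append(f"document-looking name {filename!r} is actually an archive")
    if container == "gzip":
        inner = gzip_member_name(data)
        if inner and os.path.splitext(inner)[1].lower() in EXECUTABLE_EXTS:
            findings.append(f"archive contains executable {inner!r}")
    elif container == "rar":
        findings.append("RAR container: list members with a RAR parser before opening")
    return findings


def network_hits(observed) -> set:
    """Intersect hosts/IPs seen in mail or proxy logs with the page's network IOCs."""
    return set(observed) & IOC_NETWORK


def build_constructed_sample() -> tuple:
    """Constructed stand-in: a .GZ whose gzip FNAME is a .exe, like the real lure."""
    buf = io.BytesIO()
    # With fileobj given, filename= only populates the FNAME header field.
    with gzip.GzipFile(filename="WOT565-16BOB-PDF.exe", mode="wb", fileobj=buf) as gz:
        gz.write(b"MZ" + b"\x00" * 62)  # fake PE stub, not real malware
    return "WOT565-16BOB-PDF.GZ", buf.getvalue()


if __name__ == "__main__":
    name, blob = build_constructed_sample()
    for finding in triage_attachment(name, blob):
        print("-", finding)
    print(network_hits({"yenhack.ddns.net", "example.com"}))
```

On a real attachment, read the bytes from disk and pass the original attachment name; the hash comparison is what ties a file to this entry, while the extension-versus-magic and member-name checks generalise to other document-named archive lures.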

Intelligence


File Origin
Uploads: 1
Downloads: 231
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-08-05 12:06:06 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The information below shows additional context for this malware sample, such as its delivery method and related samples.

Delivery chain:
  Malspam
    njrat
      gz 91b17a7ee859b19e35795d6cc3446562d59d00a821fd03697d87f4b2b49efebe (this sample)
        Dropping: njrat

Delivery method: Distributed via e-mail attachment

Comments