MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9674047cdeb47955d21e5b75cb78691622f0bc322a0476ecc5eb1c93e4644373. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 4



SHA256 hash: 9674047cdeb47955d21e5b75cb78691622f0bc322a0476ecc5eb1c93e4644373
SHA3-384 hash: 6735a2ab2bbc5a2b002cbefe6d7b8e91e044a318eeeea51af115dccda718fb446906e434b4ba5b1bbaf717456e2808b8
SHA1 hash: 1156357d1d28a6ae39e3b1ca5f512d9a337a5fbc
MD5 hash: 6fb2767bcd809ff07cf81dfb136e128e
humanhash: tennis-cup-uranus-bakerloo
File name: 9674047cdeb47955d21e5b75cb78691622f0bc322a0476ecc5eb1c93e4644373
Signature: njrat
File size: 24'064 bytes
First seen: 2020-03-23 18:51:18 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep: 384:CHsqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5DVmRvR6JZlbw8hqIusZzZKZ:Ccf65K2Yf1jKRpcnuR
Threatray: 316 similar samples on MalwareBazaar
TLSH: 26B22C4E3FA98856C9BC177489A5965003B4D1470423EE2FCCD554CBAFB3AD92D48AF8
Reporter: Marco_Ramilli
Tags: exe NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 110
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Bladabindi
Status: Malicious
First seen: 2019-11-22 23:03:33 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

[Figure: Web download, njrat, Executable exe 9674047cdeb47955d21e5b75cb78691622f0bc322a0476ecc5eb1c93e4644373 (this sample)]

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
