MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9dcd9722bae8dd0260f641d522553454b3f7fbc8df49ebb989a9257f38f42cec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9dcd9722bae8dd0260f641d522553454b3f7fbc8df49ebb989a9257f38f42cec
SHA3-384 hash: 523c4bda6d4759ccb922fc766b7221453ef187a96fa28e3eda470addd8d35091e6039c77c174528a2f67434bb5ae0a7e
SHA1 hash: 572dcf32bf6f0cf0aa78df411372e2908f6f68d7
MD5 hash: 54eeb64b2b44f452052bf980ac0c7fba
humanhash: item-beryllium-princess-lamp
File name:54eeb64b2b44f452052bf980ac0c7fba
Download: download sample
Signature njrat
Create hunting rule
File size:301'056 bytes
First seen:2020-11-17 11:44:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'642 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 3072:h1lhVUeZHdlgDgLl70de4HM2YUexu0YgFlpB2aAhG3++lx9fcSG1aHVgpejui7CE:5H5lURdBHMlU8LFN2cfPEFe4MmfJYXf
Threatray 100 similar samples on MalwareBazaar
TLSH 4954E13262C2BE96E75A2EB1F17222881FB57D279A34DA0D7DDC00DD1176B49CB10E72
Reporter seifreed
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
118
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Taskun-9791093-0
Create hunting rule

Win.Packed.Generickdz-9792504-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Creating a file
Creating a file in the %temp% directory
Creating a process from a recently created file
Forced shutdown of a system process
Unauthorized injection to a system process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9dcd9722bae8dd0260f641d522553454b3f7fbc8df49ebb989a9257f38f42cec/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 12:10:40 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=txgzoiv25doqeyhwihksevjuksz7p66i35e6xomjvesx6ohuftwa._file
Verdict:
malicious
Similar samples:
01eea9d80166f57f6fe65ac47695ffc74bac20e1de4743d44dbcc834e88fb7a4
njrat
0692a4e8916df354987539ff2781631f65e7b691df4f558b6b510ab5c63bd070
njrat
395aadc58bde92d29449ba1d349f39e73205f9e2794cbbbd397f85796c91de77
njrat
4ac466c76827f1d0ea87e1cd6e58df30d182e89920208ea888f1434b03f2e227
njrat
5e59fdc976c0b0230265eff944a997b11ceb8f088945f03f569d4d49396f43d0
njrat
7c2f0c42ed478e241d2fdb2580915342c5dbd50acc3fafa26908ae73a581eb3f
njrat
b8b373ce2f5835b617f904b50e5e594232982967ea1a12b35bd085c83aa057bb
njrat
d2adec41dcdb2142c210a4025572e29e1c011d079fa04504b35ab55c03376a16
njrat
f07787fba40b6e3e4e36a0a756db79e78c00f8bb665902c888d18b8e1c770537
njrat
fe9cf9f4d0469600816043ec62c509aee82e223af4ae582c9b537e649d4249cb
njrat
+ 90 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/201117-b82evk7vee/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Suspicious use of SetThreadContext
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
cb951f1d2b5460456aad0d89cef1216d9be5e51784d11a92447d43e96177bd5e
MD5 hash:
8cd5d2014866f4ef60802ff1826998a6
SHA1 hash:
8ff75946905d0b117080cc5a07e6e0bbea4e9bbd
Link:
https://www.unpac.me/results/ebc8548b-a333-4185-a958-14f7e7cb1d70/
SH256 hash:
9dcd9722bae8dd0260f641d522553454b3f7fbc8df49ebb989a9257f38f42cec
MD5 hash:
54eeb64b2b44f452052bf980ac0c7fba
SHA1 hash:
572dcf32bf6f0cf0aa78df411372e2908f6f68d7
Link:
https://www.unpac.me/results/ebc8548b-a333-4185-a958-14f7e7cb1d70/
SH256 hash:
ec48170e9de44632227e5f3dbfc912bcc7510e6954c626446f9d7b36d78a0c41
MD5 hash:
d52bdb2c581465ad40f34455daf81573
SHA1 hash:
f64c82e23b772b9ceb41f8397c15963e6a728156
Detections:
win_njrat_w1
Create hunting rule
win_njrat_g1
Create hunting rule
Link:
https://www.unpac.me/results/ebc8548b-a333-4185-a958-14f7e7cb1d70/
Parent samples :
df91e3d8c094bb91bbc717a36ff7d42302b5f362aedde2333fac71cd42010a28
b85e964144a64d78fc54b4e6bae83ba6e1c7179f0a820f361c27f58842b6940a
81553f2de290ddf3a7dd40e0a8877781c8ac8cfb0fe5d0159a2b3ce3eda4c6f6
6e112a24130b1ef283d6966f4f84a9011fea4747e56c1884f75d449540a7c8df
3c62c78790e9af4f08177ae16bced8501967a30658db2c46fd638e48cfbc9b56
9dcd9722bae8dd0260f641d522553454b3f7fbc8df49ebb989a9257f38f42cec
SH256 hash:
ed8655be8a505ad52a9e18a99c7cfedb89431509bf14cafc2a16308a794a24f2
MD5 hash:
6b383b3d6cc77c46d73ae1dfe1deb4ca
SHA1 hash:
6239a5575b250a7aaa9288c9539dd13f21ec986a
Link:
https://www.unpac.me/results/ebc8548b-a333-4185-a958-14f7e7cb1d70/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments