MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0de65c408284dfddf6318980b138aa05015686c4371853070500ff84d18cd50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0de65c408284dfddf6318980b138aa05015686c4371853070500ff84d18cd50
SHA3-384 hash: 540aa1d5768dd3062b3e5dd87a5e382bc1def13a5a1855afdbb8fafdadf78c87547f2fd08998dcc184ef783b406e0e9a
SHA1 hash: cd9fe93276ce18a8c848e803fef62e8f9d687d66
MD5 hash: c9e9c19f50631e62d1aeefa056a0ab45
humanhash: freddie-autumn-single-carbon
File name:YNJuqkt9.exe
Download: download sample
Signature njrat
Create hunting rule
File size:163'328 bytes
First seen:2020-03-28 15:36:53 UTC
Last seen:2020-03-28 15:51:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'662 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 3072:ursucuNHn7s8Q5YccyYN8XnjFyAC2C0yhht1tQAvg3Ee:I7FxK3jkACPp7tQL
Threatray 309 similar samples on MalwareBazaar
TLSH 27F3D86F7988CB15DE582971C4DFA43043D1ADC71B32E28E3F4866A91D423E35D89BCA
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/YNJuqkt9

Intelligence

File Origin
# of uploads :
2
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Bladabindi-6862380-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-28 12:02:17 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=udpglraifbg73x3ddcmawe4kubibk2dminyykmdqkah7qtiyzvia._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
37a1dca413bedca841a9a633c04c77df208a7dcef64a26c799d01078805f8774
njrat
43a0c2443d1a63d4cc498bae9d459590b37379d5dd57a625545fa484a99d3fb6
njrat
4e890d4e6329b4ea3bc61d458e727a81cdf9358d6b5bedbd290aa85ed7a189d1
njrat
90f6d27c8269a6dbbfbcd3c6735ae51bcc1942defd21c547004b33265e85b7e2
njrat
9f1a15d397da38beca711d36c64eb697a9947bbf3a16b62809063a94f8eb0129
njrat
a6cb21742488b2257cc39988ced61f7ef5be6d3eff506c10fbc265aa560e6bd4
njrat
b8fbf85d1eab97ed168f99eb07d13294594675a051c2056b5374630d81fd974d
njrat
c994005280c186f67dc644ffbe88a9fcf43f45b16605c3f51a138dfc262b4c50
njrat
d873f30f48805a3dbab8c976665c26fc9c661e23f3b82f143fdd7346268b595a
njrat
eddd51c800bcea950c5ecb68356c2031f0903a5a070b108ac87a9eb1289588eb
njrat
+ 299 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/YNJuqkt9
  
Link
https://pastebin.com/raw/cKmNUcE3

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments