MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4f850f05002e8a41697eb5b6d524c84a01a909696e41a2069834282779f9476. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 7



SHA256 hash: a4f850f05002e8a41697eb5b6d524c84a01a909696e41a2069834282779f9476
SHA3-384 hash: e3f5093e6079ac1f03060cec9f8b633557a1efbf4c9dd935054e5bd77a8723e67320a8f66187501b3699172a68645de5
SHA1 hash: af4e40da8078cdedffe5468c087ba590f774c338
MD5 hash: a93934bfcdc7df3af76413b3fae5188e
humanhash: twelve-single-white-cardinal
File name: a4f850f05002e8a41697eb5b6d524c84a01a909696e41a2069834282779f9476
Signature: njrat
File size: 169'472 bytes
First seen: 2020-11-11 11:01:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 720f62ecaae027b5c3ec6686644322e9 (12 x njrat, 8 x RevengeRAT, 4 x AgentTesla)
ssdeep: 3072:GR2YkAdX8OuLN0Fqu/dBopTBfFvj4bq57eX20mwu9z1c:GfkAt8Ou6FzqTB9vj48jT9K
TLSH: 33F3AE10B5C0C2B3D4BB013648E6CB3A9A26353617BF95D3FB992FA66E113D096353C9
Reporter: seifreed
Tags: NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a process with a hidden window
Connection attempt
Launching the process to change the firewall settings
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Ymacco
Status: Malicious
First seen: 2020-11-11 11:03:17 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:njrat evasion persistence trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Modifies Windows Firewall
njRAT/Bladabindi
Unpacked files
SHA256 hash: a4f850f05002e8a41697eb5b6d524c84a01a909696e41a2069834282779f9476
MD5 hash: a93934bfcdc7df3af76413b3fae5188e
SHA1 hash: af4e40da8078cdedffe5468c087ba590f774c338

SHA256 hash: efcea02f70066384f0d3eb30aa488b1d5de0a43ca24a11dc74383ef81e89d684
MD5 hash: 7e358aa2f9c09d7e68b7040b302cb95b
SHA1 hash: aeb976f2017dd085ba5fcf773d7122360082cd74
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments