MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 a73fccf6d081c208ac2eedcca5361caa5599ae136bbda047b3d70f2857c81fc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
njrat
Vendor detections: 7
| SHA256 hash: | a73fccf6d081c208ac2eedcca5361caa5599ae136bbda047b3d70f2857c81fc7 |
|---|---|
| SHA3-384 hash: | dea0cdda333a44ea0ccac99ec69610f33d5fdbe539f7a6242d4beeb09fd897f86d02a812447a65051e4a5978742fdce0 |
| SHA1 hash: | d6a5703b2392dcaf4b51eb58b0b80087175b8753 |
| MD5 hash: | 4d017a691379841511237f4477f294f9 |
| humanhash: | echo-massachusetts-equal-alpha |
| File name: | a93934bfcdc7df3af76413b3fae5188e |
| Download: | download sample |
| Signature | njrat |
| File size: | 169'472 bytes |
| First seen: | 2020-11-17 14:06:02 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 720f62ecaae027b5c3ec6686644322e9 (12 x njrat, 8 x RevengeRAT, 4 x AgentTesla) |
| ssdeep | 3072:XRBoE5NGvxGLcjHU9SeH6PMTBfFvj4bq57eX20mwu9z1c:XUE5UvxGqHjUTB9vj48jT9K |
| TLSH | B2F3AE10B5C0C2B3D4BB013648E5CF359A26353A17AF95D3FB9A2FA66D112D09B353CA |
| Reporter |  seifreed |
| Tags: | NjRAT |
Intelligence
File Origin
# of uploads :
1
# of downloads :
154
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a window
Creating a process with a hidden window
Connection attempt
Launching the process to change the firewall settings
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Status:
Malicious
First seen:
2020-11-17 14:07:07 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
5/5
Detection(s):
Suspicious file
Result
Malware family:
njrat
Score:
10/10
Tags:
family:njrat evasion persistence trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Modifies Windows Firewall
njRAT/Bladabindi
Unpacked files
SH256 hash:
a73fccf6d081c208ac2eedcca5361caa5599ae136bbda047b3d70f2857c81fc7
MD5 hash:
4d017a691379841511237f4477f294f9
SHA1 hash:
d6a5703b2392dcaf4b51eb58b0b80087175b8753
SH256 hash:
b3d1401209a7bfa7500b8634b4191744452e6922b9fc05a33d48119cbc192a1a
MD5 hash:
6fcc075eaa5116b6c9050d22456da597
SHA1 hash:
14846dc5e091678d16d315e3ba724f90525657fa
SH256 hash:
f732768688eca7758364f3be904497695553a4abe4dbc2af65a1350498af2a83
MD5 hash:
ee34f9ef83d225a393421ed9ddc5852f
SHA1 hash:
53d8f6340165fdf105ec92108282d2bebaf53b10
Detections:
win_njrat_w1
win_njrat_g1
Parent samples :
a4f850f05002e8a41697eb5b6d524c84a01a909696e41a2069834282779f9476
0cb7277fd5cb75df55a555c44d74cc513738a27578e0524bc8db9848968c2ac7
cebc70d2a5836d2a510eaf274a8e4e2e1ca815aa14fe31406cd05fda7ea7220b
90fc19cf116053e010661e4e5ca83f20775e115bcc8c8ab37a1e6893cc5a9579
deade334881a19f7363e189942a7870f8c5802731c3612bf014dacb78c4b5dc7
0fabf11cf290585e0c8bdb8e7842db113eed697996381a4693439b9009916930
a73fccf6d081c208ac2eedcca5361caa5599ae136bbda047b3d70f2857c81fc7
0cb7277fd5cb75df55a555c44d74cc513738a27578e0524bc8db9848968c2ac7
cebc70d2a5836d2a510eaf274a8e4e2e1ca815aa14fe31406cd05fda7ea7220b
90fc19cf116053e010661e4e5ca83f20775e115bcc8c8ab37a1e6893cc5a9579
deade334881a19f7363e189942a7870f8c5802731c3612bf014dacb78c4b5dc7
0fabf11cf290585e0c8bdb8e7842db113eed697996381a4693439b9009916930
a73fccf6d081c208ac2eedcca5361caa5599ae136bbda047b3d70f2857c81fc7
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
0.80
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.