MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a949a372d364a5043427eb1577c008168da96d8aaf6384169324c6826d579e2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a949a372d364a5043427eb1577c008168da96d8aaf6384169324c6826d579e2f
SHA3-384 hash: 7f1e25890ce7a9ddb3a379c84f6bae9ae17f0919c519c9f19d49484cbff3e93c7e3efe2d21a2227dbccd2b85cca96a80
SHA1 hash: f904b56825cc8a598c25875ae57b8a95af6362a4
MD5 hash: 8a09cba600a996625723035c84c0a267
humanhash: coffee-fillet-nitrogen-leopard
File name:a949a372d364a5043427eb1577c008168da96d8aaf6384169324c6826d579e2f
Download: download sample
Signature njrat
Create hunting rule
File size:110'080 bytes
First seen:2020-06-10 11:51:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 1536:r4MOq8NQU5UGE2BeJJuF4iz6SYgvmcPUSomKf:runyGE2GuSizHKrp
Threatray 127 similar samples on MalwareBazaar
TLSH 10B3320125AE347BE0778EB26BFAFEF1CAFCD923550BA179108052164736E03AC4D5E6
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Ursu-8015308-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 02:01:55 UTC
File Type:
PE (.Net Exe)
Extracted files:
13
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vfe2g4wtmssqinbh5mkxpqaic2g2s3mkv5ryifutetdie3kxtyxq._file
Verdict:
malicious
Similar samples:
05a4f37dfd57637fe088ce4c3eb6aa5811f0187f336625d7b6ef19e6eb73dd0c
njrat
079a2a4be6a17ac3dbf734be79538047c1b06302184be7cf08fde01112d0b974
njrat
2a9a508675ddc595e04e01f996dbc2ddeaf5efd0fb0ef494646f341ea6930c15
njrat
51c8e10c77c9f131b207be4bff0e37a09cf4f24b3b941416ae22bc438d1730c4
njrat
9578c73e32a49d27b99b2114639831d359a73de4f895dd2a86cc15439e64fb8b
njrat
b0fcccae3067e57d0725eca21b6c416c9b42b26b6601a5c2d4a7dc20d72eb37a
njrat
b12734ce0e16f6c1f861e4bf0396ea6775f5588359bea2643e5716b5f6466c06
njrat
bd6f57de76732dbf244fb5efd8b53104b35c8b9fb5c3c99cc5ee2d0edd7d1f66
njrat
dc3402c4fa57f1c60a7951e79b0a595d24902ca23bd3174631101a05480a83f8
njrat
fac551f8ff156743a7f41bf36684691e87dfb123c027ea0541b962b3162e4c46
njrat
+ 117 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-dpqr4w2916/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Drops desktop.ini file(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments