MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b12734ce0e16f6c1f861e4bf0396ea6775f5588359bea2643e5716b5f6466c06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b12734ce0e16f6c1f861e4bf0396ea6775f5588359bea2643e5716b5f6466c06
SHA3-384 hash: 08fb6219b45bd790b7b12504f73537db62041a4c12761514e65ae8572776be5f22618f6c845e50a683708944c7d9a517
SHA1 hash: e8cdd17542056a0549c143916eac8bb1ae7894ca
MD5 hash: a2c60715dd8d1f5b9a59ed7a54cf49fb
humanhash: fifteen-ten-lion-bacon
File name:b12734ce0e16f6c1f861e4bf0396ea6775f5588359bea2643e5716b5f6466c06
Download: download sample
Signature njrat
Create hunting rule
File size:90'112 bytes
First seen:2020-06-10 11:52:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 1536:bGA/c5sZm8duct2iWEmpWHST7O/halFv0caCdV3iBGHie:bNLw8du6JmpB7O/harscaC3KGH
Threatray 156 similar samples on MalwareBazaar
TLSH B8934A0722CDBE92C93D017977779BD0D31DDD060226E31F28C4696A993A3C3B94A7E9
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 23:30:04 UTC
File Type:
PE (.Net Exe)
Extracted files:
13
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wettjtqoc33md6db4s7qhfxkm527kwedlg7kezb6k4lll5sgnqda._file
Verdict:
malicious
Similar samples:
05a4f37dfd57637fe088ce4c3eb6aa5811f0187f336625d7b6ef19e6eb73dd0c
njrat
079a2a4be6a17ac3dbf734be79538047c1b06302184be7cf08fde01112d0b974
njrat
2a9a508675ddc595e04e01f996dbc2ddeaf5efd0fb0ef494646f341ea6930c15
njrat
57233018ececa82dadc167ce51622ecb6b06a4c08753c951a2a5e91f4b3629de
njrat
9578c73e32a49d27b99b2114639831d359a73de4f895dd2a86cc15439e64fb8b
njrat
a949a372d364a5043427eb1577c008168da96d8aaf6384169324c6826d579e2f
njrat
bd6f57de76732dbf244fb5efd8b53104b35c8b9fb5c3c99cc5ee2d0edd7d1f66
njrat
d47e8c71a8d7cd1722e5b09574c818f4db65ecb4e9696fedbe738ff29f0a6305
njrat
dc3402c4fa57f1c60a7951e79b0a595d24902ca23bd3174631101a05480a83f8
njrat
f294c946b02272a213cbf77d976d7014888c0b1fed15771e9618f6d314849f8c
njrat
+ 146 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ljp3vd1s92/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Drops file in Windows directory
Drops desktop.ini file(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments