MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbd3ecd9e9671d94e8897980c4eb9391ae9cb444615ed9a93b8221ae8fa66790. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bbd3ecd9e9671d94e8897980c4eb9391ae9cb444615ed9a93b8221ae8fa66790
SHA3-384 hash: 26a52bc37dc28a00406ac2fa1fb4c42100ca0fb92c860641bdf19eb8b50c32de2dae804957e0c4545f94c65044db4b55
SHA1 hash: a3447ba9b83f30284c6d3effb45c31ad9d5f258f
MD5 hash: f6eec1317ece3ffb7c4916e224d9734d
humanhash: harry-quebec-mississippi-uranus
File name:KFCvJMhW.exe
Download: download sample
Signature njrat
Create hunting rule
File size:104'448 bytes
First seen:2020-03-15 11:55:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'746 x AgentTesla, 19'628 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 1536:Fgx8sMH2ppvRD7z3gKpO6rYmQf4lTcpVRX3FjBqacD3tSYAx0dDF:ycW/F7zQKprrYuTcpZj+9SYA
Threatray 12 similar samples on MalwareBazaar
TLSH 31A36A082BECCA29E3BD0B7D77B5245C4BB0E253A523E75E1ED495B91A833C41A053E7
Reporter johannes
Tags:NjRAT RevengeRAT


Avatar
viql
revengerat via https://pastebin.com/raw/KFCvJMhW

Intelligence

File Origin
# of uploads :
1
# of downloads :
310
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.RevengeRat-6344273-0
Create hunting rule

Win.Malware.Razy-6862379-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Revengerat
Create hunting rule
Status:
Malicious
First seen:
2020-03-18 13:21:05 UTC
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xpj6zwpjm4ozj2ejpgamj24tsgxjzncemfpntkj3qiq25d5gm6ia._file
Verdict:
unknown
Similar samples:
00bc3d3ed9e762701b0b0bfd044936351985cefb19d67bb6d6adb2d0a71a37b6
njrat
0c34d4763fc968ccbe9f33dec2ae9e3e132a61b40ffc93cc22f337a0758c0279
njrat
2fbbe88ec8eff9ff1b939dd340ebb0fe74e60abf958f55b7044ad87dc426cd08
njrat
573f11821c72786131d82bcdb3744b83d01615c25489f4cf2c46181ae6143226
njrat
5f8cd119c7cc31eef0e66451fb05d5179c60850b2330ebcb76066dd289172a17
njrat
6ba80c4c0298efdf3e6a1cc0813f5e471cd41b33940a64b7507ddf715912401e
njrat
843097123a40e1442b2f08ce9c77ebc909a3e77e1ea3b6f21981a579ab2ea9be
njrat
ca6d29a08c87919d6afc8d462da5d96915684c8ca305fa89968690a09924f656
njrat
e7a2a500165fd1abfed725fd1e51c07d0317cc5a524677bb1069fca38561ce84
njrat
fc011eace2512506496bf193fd9589102d0e929dbf4f96aa2b7e8a960ebaef07
njrat
+ 2 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bbd3ecd9e9671d94e8897980c4eb9391ae9cb444615ed9a93b8221ae8fa66790

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/KFCvJMhW

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments