MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bedbcb43340c9c07dc601b696dfa3278df0c68ecfce2a4fd893a7b5e56a01de1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bedbcb43340c9c07dc601b696dfa3278df0c68ecfce2a4fd893a7b5e56a01de1
SHA3-384 hash: 7b62184f3ba5f8cf0474d1bcf1f17704cd42f9ab63912c8f61ba4660107bb48e2b029eaac8b093b8e6a4d326393d1513
SHA1 hash: 9a763065c7cb763cf3460695478841de80569835
MD5 hash: 993715b7c0bbc28fbc799b8bb56c18dd
humanhash: foxtrot-beer-bacon-nineteen
File name:bedbcb43340c9c07dc601b696dfa3278df0c68ecfce2a4fd893a7b5e56a01de1
Download: download sample
Signature njrat
Create hunting rule
File size:285'696 bytes
First seen:2020-07-06 07:06:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 6144:Ahn+RE5rk4m1z3q0GOEQ6X1+YmI+if9jATIkb7k7lQE:Y+krk4ez3qpX3XCIrRATH3k
Threatray 114 similar samples on MalwareBazaar
TLSH 5854127EEBA51069CD296777C9A3A00C466FCC458623CA9F11DC2F355F7384CCA8682B
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
170
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/21050/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Creating a process with a hidden window
DNS request
Launching the process to change the firewall settings
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun with Startup directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bedbcb43340c9c07dc601b696dfa3278df0c68ecfce2a4fd893a7b5e56a01de1/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-13 03:17:34 UTC
File Type:
PE (.Net Exe)
Extracted files:
8
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=x3n4wqzubsoapxdadnuw36rspdpqy2hm7trkj7mjhj5v4vvadxqq._file
Verdict:
unknown
Similar samples:
276a602f80ffef482b3387d2d8e9f6b7b71db5344a5ad0d8a5514e3c5ee0948d
njrat
49bbc64881d66ec428ce3b2f670a2df89525391b1e608658c1d1b1758876d108
njrat
6aaa864e402f7233d8682cb17f374e6dc6d70c9e73a943ba322df717af320aaf
njrat
aee8ac76d0269071bbb702bb59f37ad12f7a42844af9d9522fa39e49682c3be9
njrat
cf67bb4f199395511b86a941b499edc0c34a4a3b12fc3161c0a5ef479f0b6601
njrat
d09722da6fd4b8eb8ba3ee4d8e8a7ffe2cd396c410fa074bcb9fd0b44e399cb9
njrat
e33cc945d6b0681de6b34b52f0cb609676cdf5f3ecf61f4122b64d7a7e74b5ca
njrat
e4aae9a8a9103086b7232aa674f4ba296e140a4baaa01eb86b0cd79305a5fd13
njrat
ebf0d8a9efaffe98c9bc9aabb24d9dee32a7662dca50e4010cc706c091463375
njrat
f2a9b8210e9545bf90468330a3afe70cbe26148b94658c49ff77cd59c733117b
njrat
+ 104 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
evasion persistence trojan family:njrat
Link:
https://tria.ge/reports/200706-hpsg1k4p1a/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Adds Run entry to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/21050/

Comments