MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2a645b457a4ba814aa0c116f2a501176531ce29d32a695c45c5022d6aabb271. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c2a645b457a4ba814aa0c116f2a501176531ce29d32a695c45c5022d6aabb271
SHA3-384 hash: e9b529b099003abb24386ca92839acff281d018537b2d68134f3cba279337717fb5228fd996767057e08a6ddf8e48f40
SHA1 hash: c6a980b06688c60bb163cbd9798d4915a70c67be
MD5 hash: b2d5023ae6a153d4ba28e07561197d72
humanhash: high-london-magazine-pasta
File name:c2a645b457a4ba814aa0c116f2a501176531ce29d32a695c45c5022d6aabb271
Download: download sample
Signature njrat
Create hunting rule
File size:20'115'020 bytes
First seen:2020-06-29 07:04:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 49091c5c46d1ed156931ed11f43d3afa (1 x NetWire, 1 x njrat, 1 x Arechclient2)
ssdeep 393216:GJXKr309br4WH9i+zk3xP+iXF4tP4UoXzV/Klnk/LCg+:GdKr309QWd3o3x56tgUsUnyOB
Threatray 303 similar samples on MalwareBazaar
TLSH 051733E1F1D9C9F2E5BCBA3039FD568C416A3D101999463F4B9E162B4DF36C08B09E62
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Malware.Speedingupmypc-6718419-0
Create hunting rule

PUA.Win.Trojan.Generic-6629273-0
Create hunting rule

Win.Trojan.Generic-6417450-0
Create hunting rule

Win.Packed.Generic-7672855-0
Create hunting rule

Win.Packed.njRAT-7672853-1
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c2a645b457a4ba814aa0c116f2a501176531ce29d32a695c45c5022d6aabb271/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 00:58:22 UTC
File Type:
PE (Exe)
Extracted files:
3234
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yktelncxus5icsvayelpfjibc5stdtrj2mvgsxcfyubc22vlwjyq._file
Verdict:
malicious
Similar samples:
04a4d40515b77903bb9472b01aaf951f059236999665e847a660ed99d929b78b
njrat
28f39e656758b6c40db049e40bbfe958a7a20a754ea6531ccca3e4fdb8dcc66a
njrat
5276b591cc35064bcf552fbd676416e4b8c4c0cfce0e0cec7da9703bdd9fccb1
njrat
610c374d9fcc17102ba7dc8ee3ec5cb569c60d0e86f25b004dfe8d24781f8310
njrat
87c0e0f48bb2599f74c15f8f9e4d3bc96befad82a33de62f89d3bc76d546d8cd
njrat
9ae3d2baf3c382b46b56e3e50547bd83bd1d6cc85f82aadaf2281a1b404e5fa0
njrat
b3ea819ddfabf3e2060d9f8116e0952654d5bcdb5716f84ad142a6ab979b521a
njrat
b4bbfec518b34f417680149af477857ce1a27aa23eaceb4eb99d62230e376ba9
njrat
c6d93ae492f6a2b687c64cc388cf0a483f44428b843c5b384c156f018a2cf63c
njrat
e2136c8268bb5be4fe2a295a9bb9250c00437452cd3d65822290e3a68b1fb94b
njrat
+ 293 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/200629-48qr4bn8he/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Adds Run entry to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments