MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c33d8b5589880c1a82f257555f5dea36190e409cff9b2980ab80b314ccb11bae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 6



SHA256 hash: c33d8b5589880c1a82f257555f5dea36190e409cff9b2980ab80b314ccb11bae
SHA3-384 hash: 5c203286e3981f1adade310da8b7130092573bb47244e5ee297b4344422bf6d5e8b50320261a95340af2b2e4c2461583
SHA1 hash: d89eb65e7e34187f2e929435d7030b2e3fceeb11
MD5 hash: 533854ec6bd5ec7ec7f82df0ed556a71
humanhash: earth-paris-apart-fillet
File name: c33d8b5589880c1a82f257555f5dea36190e409cff9b2980ab80b314ccb11bae
Signature: njrat
File size: 111'616 bytes
First seen: 2020-06-29 07:44:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 1536:YbsbT3Mc5jzD3YlAraANcZ2BsuFvLjuT1Wb1xu0yJdbnl:gsvMcd3YlAraARCT1UkJd7l
Threatray: 58 similar samples on MalwareBazaar
TLSH: 56B3107123FE920EF673BE70AFA4F2449EE6A6714115E68A2C44038A48F5D80DF76537
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-06-25 00:41:05 UTC
File Type: PE (.Net Exe)
Extracted files: 8
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: evasion persistence trojan family:njrat
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments