MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c567ebf113ee7d123c30633876fce2d6b242819fbf4ea34bbff6ac96193f06c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 10



SHA256 hash: c567ebf113ee7d123c30633876fce2d6b242819fbf4ea34bbff6ac96193f06c3
SHA3-384 hash: 0560836609cc5127aac3387a42bfe1467d35af9e5fe7158d3d687a1303132f6fad66b427c3d703c303f42c4d08ff620e
SHA1 hash: 11fa7500aafcbbb0a91480b59089edb4999d8dda
MD5 hash: 217b46553ddcb62bbd7969d32d0827fd
humanhash: colorado-utah-winter-mockingbird
File name: C567EBF113EE7D123C30633876FCE2D6B242819FBF4EA.exe
Signature: njrat
File size: 498'913 bytes
First seen: 2021-12-08 19:36:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fcf1390e9ce472c7270447fc5c61a0c1 (907 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep: 12288:yRZ+IoG/n9IQxW3OBseDT+tG8bBUOd6LPEOsdw:82G/nvxW3Wdmai6LPEOsa
Threatray: 1'412 similar samples on MalwareBazaar
TLSH: T115B4E002FDC194B2C6210D311629AB61653DBD201F24CFEBA3D86E6DDA351D0EB357AB
dhash icon: 9494b494d4aeaeac (904 x DCRat, 486 x NirCmd, 172 x RedLineStealer)
Reporter: abuse_ch
Tags: exe NjRAT RAT


abuse_ch
njrat C2:
3.131.207.170:12969

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC | ThreatFox Reference
3.131.207.170:12969 | https://threatfox.abuse.ch/ioc/268564/
52.14.18.129:12969 | https://threatfox.abuse.ch/ioc/268565/
13.59.15.185:12969 | https://threatfox.abuse.ch/ioc/268566/
3.22.53.161:12969 | https://threatfox.abuse.ch/ioc/268567/

Intelligence


File Origin
# of uploads: 1
# of downloads: 253
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: C567EBF113EE7D123C30633876FCE2D6B242819FBF4EA.exe
Verdict: Suspicious activity
Analysis date: 2021-12-08 19:38:51 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a window
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives
DNS request
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: greyware overlay packed
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2021-03-01 16:34:57 UTC
File Type: PE (Exe)
Extracted files: 38
AV detection: 16 of 28 (57.14%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Unpacked files
SHA256 hash: c567ebf113ee7d123c30633876fce2d6b242819fbf4ea34bbff6ac96193f06c3
MD5 hash: 217b46553ddcb62bbd7969d32d0827fd
SHA1 hash: 11fa7500aafcbbb0a91480b59089edb4999d8dda
Malware family: Winnti Group
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments