MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c96d7a2be148621094eb933be12d8c2bda0ae6f8f7c51dcbeca6ccd2b78ad4c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c96d7a2be148621094eb933be12d8c2bda0ae6f8f7c51dcbeca6ccd2b78ad4c7
SHA3-384 hash: 2aca10a885ddb4a34ac6171f76b98e35f4e46b13da08963c3cba82904c080930cd34ec6c0ca790eb0f599f9fa78dbc6d
SHA1 hash: 160152ae7e91160beb52fb1cb3cd67a34f9d6675
MD5 hash: 10808e0d305498de1be45af0ecfb3f96
humanhash: cup-romeo-colorado-lion
File name:2yXhsS0g.exe
Download: download sample
Signature njrat
Create hunting rule
File size:24'064 bytes
First seen:2020-03-14 14:53:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'614 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 384:8c68yCaUVIhboNgfEimfkNzayS06vg5UhcpxH7ndmRvR6JZlbw8hqIusZzZ0os:i873kgNfoaf6ARpcnuH
Threatray 266 similar samples on MalwareBazaar
TLSH 8BB22A4E3FA98856C57C177496A59A5003B0D1870423EE2FCDC560DBAFB3AD92D4CAF8
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/2yXhsS0g

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.B-468
Create hunting rule

Win.Trojan.Ratenjay-1
Create hunting rule

Win.Trojan.Bladabindi-6192388-0
Create hunting rule

Win.Trojan.Generic-6417450-0
Create hunting rule

Win.Trojan.Generic-6454614-0
Create hunting rule

Win.Trojan.Generic-6454615-0
Create hunting rule

Win.Packed.Bladabindi-6804148-0
Create hunting rule

Win.Packed.Bladabindi-6917466-0
Create hunting rule

Win.Dropper.njRAT-7436651-0
Create hunting rule

Win.Packed.Generic-7672854-0
Create hunting rule

Win.Packed.Generic-7672855-0
Create hunting rule

Win.Packed.njRAT-7672853-1
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-15 01:58:23 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
40 of 43 (93.02%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zfwxuk7bjbrbbfhlsm56clmmfpnavzxy67cr3s7mu3gnfn4k2tdq._file
Verdict:
malicious
Similar samples:
237494387c104ddeff1f3b40842da5cd430bf526663c0b10cf2979d8265397fc
njrat
25cfc68958a0cb5232d1e4bb1cddbf70b9494d3ef240337e2cedb9226c786b1c
njrat
553b932611fdb66130ffe51b352b03c487cc0662a2ecf0708e3ddacb620cced0
njrat
703dca09e84a98247353b177d81f8b9db8b995a53230e1d78f86418c90d2ed58
njrat
792fbf337e4d738502dba52638e1c20de4486e092e02f83db77e10ddb0ab448f
njrat
7a8ef2bd1c4b9d15c7f174544a01feb7709164a23e748f9a0f769774243648e7
njrat
957fb8a83836c7891ef2a513d354439776e51c027b908193c9c7df269e42a7a9
njrat
b6c28cb063a76219e1686cfa3c394de76921ee3ab4d315c22cee54dc6cea41a3
njrat
ba27536db363cf3a604908ecd21ca5b81b0b20e3f6f0447628b82e34240ae67a
njrat
c5b7facb1053e87d655699925bdd6391b047aea6740e26be0806240212419a5f
njrat
+ 256 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c96d7a2be148621094eb933be12d8c2bda0ae6f8f7c51dcbeca6ccd2b78ad4c7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/2yXhsS0g

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments