MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca1853d3074292eade81b305acfcdc43286146e3811a60875a5fc8cef05f9239. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 4



SHA256 hash: ca1853d3074292eade81b305acfcdc43286146e3811a60875a5fc8cef05f9239
SHA3-384 hash: 5a3ba98858795ecc79c76894f992171e0346dcb9e61da285277430c1aa8e9d485634407eb7a05d0eb8f1ad161489464e
SHA1 hash: dec21f86c4c9a29b23d26f9c53c178188947e689
MD5 hash: 28641f1ad43fcf15bc4fc6168f16e83c
humanhash: kansas-chicken-mockingbird-april
File name: ca1853d3074292eade81b305acfcdc43286146e3811a60875a5fc8cef05f9239
Signature: njrat
File size: 124'928 bytes
First seen: 2020-06-10 11:51:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 1536:H8ilB/jIZWuVQYeJ8fnJJuF4iz6SYgvmcPUSomHSG:HVl2DtC8PuSizHKry
Threatray: 70 similar samples on MalwareBazaar
TLSH: 95C3740121EA387AD0778E722FF5FAF5CAFDE9235507A67A108062064736B43A84D5F7
Reporter: JAMESWT_WT
Tags: NjRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Occamy
Status: Malicious
First seen: 2020-06-09 02:02:00 UTC
File Type: PE (.Net Exe)
Extracted files: 13
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Drops file in Windows directory
Drops desktop.ini file(s)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments