MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca1b3be0a86b0a15e7f875c23e541f692cbe58c2d455e685c09f0fcb5bd9a965. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 10

Intelligence 10 IOCs YARA 6 File information Comments

SHA256 hash:	ca1b3be0a86b0a15e7f875c23e541f692cbe58c2d455e685c09f0fcb5bd9a965
SHA3-384 hash:	62f64da5a20fcf73da5e3c837bb1487a8f38a550fc288327438f81df8bcc73bfdc2c4b6a6853bb0126c5334f4cbb35f7
SHA1 hash:	2a01ed827c6521900c933d3a0ee47f7e5eff1a2b
MD5 hash:	ac189390185909cd4138ef73a54e008f
humanhash:	summer-purple-vegan-stream
File name:	1729029846d0d0587a6310dfe2e29127dec87eb85e9961141f11ae0c68cc7d81b5df02f2df239.dat-decoded
Download:	download sample
Signature	njrat Create hunting rule
File size:	175'742 bytes
First seen:	2024-10-15 22:04:08 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	1536:O6DtkFouTE1J5/vERR+MuXwZmTBby1BwgjBiEERNUG15EHsVZq8DyS8lWd:3OFoA4JJET+MuXxbCBBONUG1m2NyvlWd
TLSH	T1A6043A23AF94541BD8574EF03C35E7A9BAA14E360B91EC0B62ADBB542A7164371F031F
TrID	42.6% (.EXE) Win32 Executable (generic) (4504/4/1) 19.4% (.ICL) Windows Icons Library (generic) (2059/9) 18.9% (.EXE) Generic Win/DOS Executable (2002/3) 18.9% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	abuse_ch
Tags:	base64-decoded exe NjRAT

abuse_ch

Malware dropped as base64 encoded payload

Intelligence

File Origin

# of uploads :

# of downloads :

455

Origin country :

Vendor Threat Intelligence

Detection(s):

Win.Packed.njRAT-7445143-0

Win.Dropper.Detected-9941784-0

Win.Dropper.Nanocore-10030076-0

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=670ee71c1d4ef219fa631d53

Tags:

malware

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

cmd lolbin njrat phishing rat shell32

Link:

https://www.filescan.io/uploads/670ee717273403a3ef0fb1f4/reports/32ba5653-e2a4-4f2d-b822-f2a2a0dfb45b/overview

Verdict:

Suspicious

Labled as:

Packed.njRAT

Link:

https://www.hybrid-analysis.com/sample/ca1b3be0a86b0a15e7f875c23e541f692cbe58c2d455e685c09f0fcb5bd9a965

Result

Verdict:

MALICIOUS

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/eea9f874-c733-494c-bb11-3e9de1aa680b

Result

Threat name:

Mofksys, Njrat

Detection:

malicious

Classification:

spre.troj

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1534535

Signature

Yara detected Mofksys

Yara detected Njrat

Behaviour

Behavior Graph:

Download SVG

Detection:

njrat

Link:

https://mwdb.cert.pl/sample/ca1b3be0a86b0a15e7f875c23e541f692cbe58c2d455e685c09f0fcb5bd9a965/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zintxyfinmfblz7yoxbd4va7newl4wgc2rk6nboat4h4ww6zvfsq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/241015-1zhaaszbkf/

Verdict:

Suspicious

Tags:

trojan

YARA:

Windows_Generic_Threat_7526f106

Link:

https://app.threat.zone/submission/b03ad7bf-bc27-459a-a219-805e3c317b5d

Unpacked files

SH256 hash:

ca1b3be0a86b0a15e7f875c23e541f692cbe58c2d455e685c09f0fcb5bd9a965

MD5 hash:

ac189390185909cd4138ef73a54e008f

SHA1 hash:

2a01ed827c6521900c933d3a0ee47f7e5eff1a2b

Detections:

win_njrat

Link:

https://www.unpac.me/results/4e27fcdb-24c2-4478-a0bb-72a5544b0556/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

NJRat

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/ca1b3be0a86b0a15e7f875c23e541f692cbe58c2d455e685c09f0fcb5bd9a965

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	Njrat Create hunting rule
Author:	botherder https://github.com/botherder
Description:	Njrat

Rule name:	njrat_v1 Create hunting rule
Author:	RandomMalware

Rule name:	SEH__vba Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Windows_Generic_Threat_7526f106 Create hunting rule
Author:	Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

d0d0587a6310dfe2e29127dec87eb85e9961141f11ae0c68cc7d81b5df02f2df

njrat

exe ca1b3be0a86b0a15e7f875c23e541f692cbe58c2d455e685c09f0fcb5bd9a965

(this sample)

Dropped by

SHA256 d0d0587a6310dfe2e29127dec87eb85e9961141f11ae0c68cc7d81b5df02f2df

Dropped by

MD5 aef0679a770036005e6d1f38916893e8

URLhaus

https://urlhaus.abuse.ch/url/3236813/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample