MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce30c428376eac3095f203ebe88f94a38737dc82f2ad018b2ae6c8569b389c5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ce30c428376eac3095f203ebe88f94a38737dc82f2ad018b2ae6c8569b389c5a
SHA3-384 hash: 25b62fa82873b896092c76d2fe057d937c2d617157ea76a332fe3eae439bf7f288f22daefcd08f7c952bae065332d2a8
SHA1 hash: 692c437c4176be9e1b27e81697e501cbf0006022
MD5 hash: 056df398d65086f73dad7bcf3d2e5374
humanhash: sweet-three-eight-earth
File name:WO063507.vbs
Download: download sample
Signature njrat
Create hunting rule
File size:727 bytes
First seen:2021-08-11 06:09:57 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 12:dXVlTX7Fl9kQOGv9IXOMBNqZnSf+8irXWMMeRo8N5zliwqhP/jvVlg7:Tl7FeG9gOSNkHXLMeyMgV67
Threatray 423 similar samples on MalwareBazaar
TLSH T1AC014C00F911F1F39106F747DDF11379A6E7B6A498D1E991206C829F10BB4AE3E83E50
Reporter abuse_ch
Tags:NjRAT RAT vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
417
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/178104/
Detection(s):
SecuriteInfo.com.VBS.Agent.VRQtr.5046.15175.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/830636
Signature
Creates an undocumented autostart registry key
Obfuscated command line found
Sigma detected: Suspicious PowerShell Command Line
VBScript performs obfuscated calls to suspicious functions
Wscript starts Powershell (via cmd or directly)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ce30c428376eac3095f203ebe88f94a38737dc82f2ad018b2ae6c8569b389c5a/
Threat name:
Script.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2021-08-11 06:10:15 UTC
AV detection:
3 of 46 (6.52%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zyymikbxn2wdbfpsapv6rd4uuodtpxec6kwqdczk43efngzytrna._file
Verdict:
malicious
Similar samples:
03674af9c28f5702955756f95a9173954188deb1d4f14b0bc8f0457e9383d6db
njrat
56a430a18e93eee6f709348fba459a6f639c032c7718806c01a6ba522dd704e6
njrat
87f4a4c323f26710b7acdc123173fa63f4ccb4f3c8239dfaa489ee69ab89f7cc
njrat
88614f9e923a5d979c64bee190f05f0932bc01f351ded417c59e1b2a92be560b
njrat
a895ff58cb18d3a5fa3900d36f150c9a1bd213240f77ef8218fec015d6355825
njrat
ab59fbf0ee10b8c5428479b1f5dfdb5cfc87dd40407b3742814ab34611f32b1d
njrat
dcb73a0ea23548167bd5724418377fe1e8c88f1be3125c0df6cc89722bb26f33
njrat
eeeb29513e624adb88d3c2e9f89379361aa356001dc338cb6ec9034a48bdc2cd
njrat
f44394f10dd10600a8f25093e76fac442c594ea85debf6bfea0933766529f747
njrat
+ 413 additional samples on MalwareBazaar
Result
Malware family:
bitrat
Create hunting rule
Score:
  10/10
Tags:
family:bitrat persistence suricata trojan upx
Link:
https://tria.ge/reports/210811-ahteq8ky7j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Blocklisted process makes network request
UPX packed file
BitRAT
BitRAT Payload
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Malware Config
Dropper Extraction:
http://transfer.sh/1D1J5x9/JKD.txt
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/ce30c428376e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ce30c428376eac3095f203ebe88f94a38737dc82f2ad018b2ae6c8569b389c5a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

njrat

Visual Basic Script (vbs) vbs ce30c428376eac3095f203ebe88f94a38737dc82f2ad018b2ae6c8569b389c5a

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/178104/

Comments