MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cebc70d2a5836d2a510eaf274a8e4e2e1ca815aa14fe31406cd05fda7ea7220b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 8



SHA256 hash: cebc70d2a5836d2a510eaf274a8e4e2e1ca815aa14fe31406cd05fda7ea7220b
SHA3-384 hash: 3f48710cee5c59968180db856d55d7d76439c5626ffdc4aea0367931eeded64e0bb42fb5519480be0e246b988dec7a2f
SHA1 hash: d6cd48fa1feebd5a2ca58a2f403bc5ba1c4c8bc2
MD5 hash: b0aaebbca59d83f6b3bcd754b13fd194
humanhash: pluto-kitten-mockingbird-sixteen
File name: cebc70d2a5836d2a510eaf274a8e4e2e1ca815aa14fe31406cd05fda7ea7220b
Signature: njrat
File size: 169'472 bytes
First seen: 2020-11-12 14:08:43 UTC
Last seen: 2024-07-24 21:33:24 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 720f62ecaae027b5c3ec6686644322e9 (12 x njrat, 8 x RevengeRAT, 4 x AgentTesla)
ssdeep: 3072:oRe01Tn/48+2QS1D0xKBrTBfFvj4bq57eX20mwu9z1c:oH1T/F+2QS1Y4TB9vj48jT9K
Threatray: 61 similar samples on MalwareBazaar
TLSH: A2F3AE10B5C0C2B3D4BB113648E5CF359A26353A17BE95D3FB992FA66E113E09A313C9
Reporter: seifreed
Tags: NjRAT

Intelligence


File Origin
# of uploads: 2
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a process with a hidden window
Connection attempt
Launching the process to change the firewall settings
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-11-12 14:11:23 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:njrat evasion persistence trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Modifies Windows Firewall
njRAT/Bladabindi
Unpacked files
SHA256 hash: cebc70d2a5836d2a510eaf274a8e4e2e1ca815aa14fe31406cd05fda7ea7220b
MD5 hash: b0aaebbca59d83f6b3bcd754b13fd194
SHA1 hash: d6cd48fa1feebd5a2ca58a2f403bc5ba1c4c8bc2
SHA256 hash: a12b58e002f4e36b980fd45d277059682b3be971e59f1a162ace72ae29f93a17
MD5 hash: f6388944954524af3f258ee8a4dd9b09
SHA1 hash: f285e4dc9229e3463c5a8d149e45722c419c42d2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
