MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2d2b104754e2a49b15b4cbd675ddf2919d1820c58f7e495b9d786bb43785141. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d2d2b104754e2a49b15b4cbd675ddf2919d1820c58f7e495b9d786bb43785141
SHA3-384 hash: 6272f54d524dbe3e739c055be0d761fcc1f48e432d98bb793bcf8241e330ab7087041bbcdc555ef559645dba16d0b441
SHA1 hash: 6e684880b5aec80d22a5d3a41f23ba6029e46d88
MD5 hash: a391bcd63197d8ed4136e01e9c7eb56e
humanhash: victor-sweet-neptune-leopard
File name:d2d2b104754e2a49b15b4cbd675ddf2919d1820c58f7e495b9d786bb43785141
Download: download sample
Signature njrat
Create hunting rule
File size:237'568 bytes
First seen:2020-06-29 07:30:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 1536:FQxScpHrZ87RdLDWHIl87OZ7wQ/2hBjsVL5m:FQxS46LD9l876/2x
TLSH 3934A11334EA1489EFBF9BB1DF95EDBF89EDAD6E100E70BA21C1C60246259C1D811F61
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/15680/
Detection(s):
Win.Dropper.Bladabindi-6871269-0
Create hunting rule

Win.Packed.Ursu-8015308-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d2d2b104754e2a49b15b4cbd675ddf2919d1820c58f7e495b9d786bb43785141/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-22 05:18:39 UTC
File Type:
PE (.Net Exe)
Extracted files:
15
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ljlcbdvjyvetmk3js6woxo7fem5daqmld36jfnz26dlwq3ykfaq._file
Verdict:
unknown
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
trojan family:njrat evasion persistence
Link:
https://tria.ge/reports/200629-qre451tzp6/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/15680/

Comments