MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6b1f8c5ddef7568c1985b99db389b4671d6cf3a4004866d93620553da133992. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d6b1f8c5ddef7568c1985b99db389b4671d6cf3a4004866d93620553da133992
SHA3-384 hash: b933439d3ce9a29d29213be81516d2cc6f19ab5df9bfb75842be63cd15a3c619a8bb2f28af87e6a60cabdc1355facb81
SHA1 hash: e089307fa242c1863e23dc34a692bdc9e898f807
MD5 hash: a0d19211372496727c7bdc673072e9bf
humanhash: lake-orange-yellow-sierra
File name:d6b1f8c5ddef7568c1985b99db389b4671d6cf3a4004866d93620553da133992
Download: download sample
Signature njrat
Create hunting rule
File size:247'808 bytes
First seen:2020-06-17 09:28:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:iZ5h61cB6wKZ1XQa1O6I4PHTZYLgxMkQy:En6XQ4jPzZEvk
TLSH 0834F67128EE5148F1BFAB7D0AE0719597EFFA776703E51D2C21138A0923981DEE113A
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/19358/
Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 21:51:52 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=22y7rro5552wrqmylom5woe3izy5ntz2iacim3mtmicvhwqthgja._file
Verdict:
unknown
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
persistence trojan family:njrat evasion
Link:
https://tria.ge/reports/200624-m6zm4btdh6/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Loads dropped DLL
Drops startup file
Modifies Windows Firewall
Executes dropped EXE
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19358/

Comments