MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6f0bfa0aa9e2b9004d36f51fff20f947adbaa6bbb7fffdde1fc37d105fa7257. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d6f0bfa0aa9e2b9004d36f51fff20f947adbaa6bbb7fffdde1fc37d105fa7257
SHA3-384 hash: 37378ec2e153343143bec70290a1d469ffad8c03f13086eeb9d53cc146c6de116eb9733cecd3b9f663e2e215dcd4f28c
SHA1 hash: a9087ef7e3773bc23c031ce336d0ecc8b428a5b3
MD5 hash: 347463b5116462ed939b0f0d3a4b27d6
humanhash: queen-magazine-massachusetts-carolina
File name:d6f0bfa0aa9e2b9004d36f51fff20f947adbaa6bbb7fffdde1fc37d105fa7257
Download: download sample
Signature njrat
Create hunting rule
File size:1'129'984 bytes
First seen:2020-06-29 07:19:19 UTC
Last seen:2020-06-29 07:45:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2e5467cba76f44a088d39f78c5e807b6 (131 x DCRat, 113 x njrat, 80 x RedLineStealer)
ssdeep 24576:LfErTNZX4WLjW3fHR7+SlTCzhsgd2aTeZcTn1GA1lacmw:LfEr3OPYEOWgd2mccbcA14b
Threatray 53 similar samples on MalwareBazaar
TLSH 753533B1F1C5DC6DE091AEB6FE4A04711ECD12B26A760562C924D0F238D0E7B2A2777D
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/15533/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34086055.7740.10854.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d6f0bfa0aa9e2b9004d36f51fff20f947adbaa6bbb7fffdde1fc37d105fa7257/
Threat name:
Win32.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-28 20:44:35 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=23yl7ifktyvzabgtn5i774qpsr5nxktlxn777xpb7q35cbp2ojlq._file
Verdict:
malicious
Similar samples:
16d8aa3dae24ba03bbc22093b96c73b303646cd7fb9829a857177c0cbe2ca724
njrat
1fc92ff3532cbd0ec4cae9bbda015ed847f7687758c22ccf59e362f47e6a35cd
njrat
5261874485f9fe16a78a558734e8652f93db1d544f3be331e7f6adc06f43ee98
njrat
571ec740451764b370c61813124b876d6bf8f0c2add56e57e7e8c00f494bc46e
njrat
5947d6a7fc4014628b957c4ed8ffff7c961f37f155cb814224a89e1f3700f060
njrat
5d4a8635a8bd54c96eb76c61ba879998437d96bc72557ef2be44183797e49149
njrat
610c374d9fcc17102ba7dc8ee3ec5cb569c60d0e86f25b004dfe8d24781f8310
njrat
82a92a627eea0fe47fa124940b5c020a557f5a5bcc347851e9d901a2f134ad30
njrat
e3bb8c334350185803b3863f71d6fced186b373e8768bb537e371dff11f74386
njrat
e7e5f0ac865dd8cec6539a3defbd09f15df7822b647fcd2e2f53555be98ad8e2
njrat
+ 43 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/200629-ltkhv8p7fj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run entry to start application
Drops startup file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Njrat
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect njRAT in memory

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/15533/

Comments