MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7dfd69813e6a1c098cfe97696a4902cd4c1796f923ca8a179c2fb6066a91038. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d7dfd69813e6a1c098cfe97696a4902cd4c1796f923ca8a179c2fb6066a91038
SHA3-384 hash: 545dae41eefcb761049051b4be54c0209e668a91d9f73635d923e06b34ff131fde94fa2fe9a48139ace91d27ef158a63
SHA1 hash: 13864cf7cef590fc0e06f084007ff8e17b3e9f74
MD5 hash: c15afd8d041e129d623c088b2d5a793d
humanhash: spring-fish-one-sink
File name:CITA FISCAL Nº 00964673335 15 ABRIL DE 2020.UUE
Download: download sample
Signature njrat
Create hunting rule
File size:330'988 bytes
First seen:2020-08-13 05:49:45 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 6144:i8FRnD8UFXW/huLb8Waj+Qfk1iC0BqXMcy1/qt3+Z3aN8FP51:hvDpFG/Wbkx3Bgv43aOx1
TLSH E064233A8807A157F3633593FD5D1C8A8EFBE794D13C28E8D328AADA5064E5D3411C8B
Reporter abuse_ch
Tags:NjRAT Outlook uue


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: NAM12-BN8-obe.outbound.protection.outlook.com
Sending IP: 40.92.21.55
From: FISCAL SECCIONAL <fiscalia-regional@hotmail.com>
Subject: ORDEN DE CAPTURA
Attachment: CITA FISCAL Nº 00964673335 15 ABRIL DE 2020.UUE (contains "CITA FISCAL Nº 00964673335 15 ABRIL DE 2020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
198
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d7dfd69813e6a1c098cfe97696a4902cd4c1796f923ca8a179c2fb6066a91038/
Threat name:
Win32.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-08-13 05:51:06 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=27p5ngat42q4bggp5f3jnjeqftkmc6lpsi6krilzyl5wazvjca4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d7dfd69813e6a1c098cfe97696a4902cd4c1796f923ca8a179c2fb6066a91038

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

njrat

uue d7dfd69813e6a1c098cfe97696a4902cd4c1796f923ca8a179c2fb6066a91038

(this sample)

njrat

Executable exe b5bcbfe8ba02879ac963d4f9ed48203c934e80edb58b814129ad836544f2c3a3

  
Dropping
MD5 97d30363eb7508bf13bc524c18896abd
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b5bcbfe8ba02879ac963d4f9ed48203c934e80edb58b814129ad836544f2c3a3

Comments