MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dca1d9c848c823c2a06e7e4108c0b89c91b4f08a0909c91e537a060eba25b788. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dca1d9c848c823c2a06e7e4108c0b89c91b4f08a0909c91e537a060eba25b788
SHA3-384 hash: c9bacb590916eeecf1ffb9549b98727de8e70ee2247d47df5fc76dcf0f5541d8ddf95f002c83284c8a7872e898f41a6d
SHA1 hash: 2f104cd8d576865b6952eb91cf4cee0a644e57a0
MD5 hash: fc595000fbf80f8707191fe882801c90
humanhash: august-butter-mexico-maine
File name:fLGWabE9.exe
Download: download sample
Signature njrat
Create hunting rule
File size:29'184 bytes
First seen:2020-03-18 01:15:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 384:ZGhzxlXra97i0v8ytCEyn3TWChEFJ2OLwV0LE24ftbicoxwlqaFNnJH:QFD7Ov8k60L6tbh
Threatray 231 similar samples on MalwareBazaar
TLSH B9D2F90E37E78812C2BC1B7494A2925106FB92538497EFFF8DCA5CD64B7B1E10C409E9
Reporter johannes
Tags:NjRAT


Avatar
viql
njrat via https://pastebin.com/raw/fLGWabE9

Intelligence

File Origin
# of uploads :
1
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.B-468
Create hunting rule

Win.Trojan.Ratenjay-1
Create hunting rule

Win.Packed.Bladabindi-7086597-0
Create hunting rule

Win.Packed.Generic-7672854-0
Create hunting rule

Win.Packed.Generic-7672855-0
Create hunting rule

Win.Packed.njRAT-7672853-1
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-03-18 04:46:00 UTC
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
02df79a95ca91898b809871d3e9efa617146cadd6fb57a97056fb9b6622f62f4
njrat
31a51475efa61899f9136416538b6c0b008131dd8e7cb75aadcd306c66afcb8a
njrat
918f9caeebb7bb5faea1014a288eb2010e07100dd5303aae002368c50dac370f
njrat
9fc7649eec8fc91ad58d27badae903fce1dff83804a830b3606db194c232d653
njrat
a42ec09d5fcab03929ce3d0240cbc14f104c357c930fb2843521071df4827366
njrat
ac937327e25a96c0b3c79dfe0e8467444c87691910e0d90d89c81c9f830b0b02
njrat
b748c37f14082e151acc4c6677f19cdcd2cd26b6a8c7d6e768a090e8aecbb698
njrat
dbfb2fb740f0e4b05acc6074c798e65a6aa5ff8c9a8b7bed8f640aa1cd4153c7
njrat
ece291548741cfa88e0924aecf93cb1fbff986e8e7f5eecf222c01004fff2670
njrat
fb9b901516c88bfb84fc1142e6da07616ed0a20bfebbccf84076a119a4f704ba
njrat
+ 221 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dca1d9c848c823c2a06e7e4108c0b89c91b4f08a0909c91e537a060eba25b788

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/fLGWabE9

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments