MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 deade334881a19f7363e189942a7870f8c5802731c3612bf014dacb78c4b5dc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: deade334881a19f7363e189942a7870f8c5802731c3612bf014dacb78c4b5dc7
SHA3-384 hash: 3fa296548cd74e724ec9c0d9337caa920297fc5798fbece86016908b93ceacce2f9b98e3502c5ea4f84d2fd5ae1904b6
SHA1 hash: accdc6933a4f2e3859dc4116fa5e673df8a30500
MD5 hash: 0da45a4bdb227165b4e4eb14b80a7356
humanhash: table-two-carpet-artist
File name:0da45a4bdb227165b4e4eb14b80a7356
Download: download sample
Signature njrat
Create hunting rule
File size:118'272 bytes
First seen:2020-11-17 11:42:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 1536:xlVqDDDDDDDDDDKk9whdS4MOH6Fae8qERNtfuQX3i3nMyIe/e7ezHoA9KyhYeLy7:xv414MPce8bV/ihIe/e7e9mrf
TLSH B2C3DF6837C8E252C82594F61E96C3A4852D7E54FFBED2A77686B30F2577F201850AB0
Reporter seifreed
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a process with a hidden window
Connection attempt
Launching the process to change the firewall settings
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/deade334881a19f7363e189942a7870f8c5802731c3612bf014dacb78c4b5dc7/
Threat name:
ByteCode-MSIL.Trojan.Gorgon
Create hunting rule
Status:
Malicious
First seen:
2020-11-08 02:33:19 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=32w6gneidim7onr6dcmufj4hb6gfqattdq3bfpybjwwlpdcllxdq._file
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
family:njrat evasion persistence trojan
Link:
https://tria.ge/reports/201117-esh3jpwep6/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Modifies Windows Firewall
njRAT/Bladabindi
Unpacked files
SH256 hash:
deade334881a19f7363e189942a7870f8c5802731c3612bf014dacb78c4b5dc7
MD5 hash:
0da45a4bdb227165b4e4eb14b80a7356
SHA1 hash:
accdc6933a4f2e3859dc4116fa5e673df8a30500
Link:
https://www.unpac.me/results/815038b6-1e18-4861-9cd9-97d5f41864e4/
SH256 hash:
f732768688eca7758364f3be904497695553a4abe4dbc2af65a1350498af2a83
MD5 hash:
ee34f9ef83d225a393421ed9ddc5852f
SHA1 hash:
53d8f6340165fdf105ec92108282d2bebaf53b10
Detections:
win_njrat_w1
Create hunting rule
win_njrat_g1
Create hunting rule
Link:
https://www.unpac.me/results/815038b6-1e18-4861-9cd9-97d5f41864e4/
Parent samples :
a4f850f05002e8a41697eb5b6d524c84a01a909696e41a2069834282779f9476
0cb7277fd5cb75df55a555c44d74cc513738a27578e0524bc8db9848968c2ac7
cebc70d2a5836d2a510eaf274a8e4e2e1ca815aa14fe31406cd05fda7ea7220b
90fc19cf116053e010661e4e5ca83f20775e115bcc8c8ab37a1e6893cc5a9579
deade334881a19f7363e189942a7870f8c5802731c3612bf014dacb78c4b5dc7
0fabf11cf290585e0c8bdb8e7842db113eed697996381a4693439b9009916930
a73fccf6d081c208ac2eedcca5361caa5599ae136bbda047b3d70f2857c81fc7
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments