MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e04d6e71187d48e516364df5e1d57005cf6d3bf581510ef944ae7f7480693a58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e04d6e71187d48e516364df5e1d57005cf6d3bf581510ef944ae7f7480693a58
SHA3-384 hash: 9a33071975185fbebd6e68495ffc2eed1822c97f6c013bd2b27a57adf40934a0a72b048f5913ba5711bdf236b90c7b01
SHA1 hash: a855d1705b602e01bce07054d8a62c0208b977b8
MD5 hash: bb7342897c91fe20b17b14f66a3b8708
humanhash: lion-tango-football-jig
File name:e04d6e71187d48e516364df5e1d57005cf6d3bf581510ef944ae7f7480693a58
Download: download sample
Signature njrat
Create hunting rule
File size:113'664 bytes
First seen:2020-06-29 07:44:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 1536:bPg3VAuOXZPRc5hYa09smBGJojmKBmj+HHMqPnF8kH6oZEllAOBpCm3Cm3CRK:bfuO/5VujHqqkaoZEllAQpimSs
Threatray 512 similar samples on MalwareBazaar
TLSH 19B3B06CB7DC8F93D689977A98939B8023B2D1243947FB4B8BD4413AAC4377A2C41D53
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/15888/
Detection(s):
SecuriteInfo.com.Variant.Adware.BrowseFox.62.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e04d6e71187d48e516364df5e1d57005cf6d3bf581510ef944ae7f7480693a58/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-28 19:20:57 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4bgw44iypveokfrwjx26dvlqaxhw2o7vqfiq56kevz7xjadjhjma._file
Verdict:
malicious
Similar samples:
0299150a64cbdf7b7ec5048b5ddab864171910cf4ed9da586a44caa2228be443
njrat
2eaf25d2c99eb49743060031a22428bb7c8e78a99869638cfe43b977dda57f22
njrat
30aa96552ed6d03af50adcf6557a6ec3c3cb54f78fc50ee822d6d3c2bf70f9bc
njrat
4b1a2896d4203f63a22b95186b139b6fc02af494f60e33d796694f70cdb0f429
njrat
85534754bd3a7cda7234040ba7f0a4440fe85c198e28286ef22fbeb97b3de14b
njrat
a0045765610bd2c41ad8266c0e2266f6efb04c2767349ef323f35e6a47c6c6be
njrat
aed18091e44bb1a45419cd55517018c839a4c3463921c45b87f5ed7620a9a0c2
njrat
c9783969d5474b7035fab8eb6acfedd475ec7297cd8042f5a188b21c48b9491a
njrat
cc46386a34dedf7e75ceb2ca1d44cad29dfdd9822d85c2827fbfa114f3328dec
njrat
f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4
njrat
+ 502 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence evasion
Link:
https://tria.ge/reports/200629-2p6mc7qz8n/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/15888/

Comments