MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1c6d4fa79af1e7487d0238e04b466a1bd697f4250cd9e6dfbb449636a360634. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 13

Intelligence 13 IOCs 1 YARA File information Comments

SHA256 hash:	e1c6d4fa79af1e7487d0238e04b466a1bd697f4250cd9e6dfbb449636a360634
SHA3-384 hash:	fb4202fe0a6c6189687f27ea48452b9c717c9584b375822e65ea5bc1d6144043ab371303c5a242d126bce26452cffff0
SHA1 hash:	3cc4f9d615f1875743a7a16e23b975b9a46cbcdc
MD5 hash:	60f4d3821780c93863af65395d5a58de
humanhash:	quebec-mississippi-may-asparagus
File name:	60f4d3821780c93863af65395d5a58de.exe
Download:	download sample
Signature	njrat Create hunting rule
File size:	395'576 bytes
First seen:	2022-03-23 19:22:13 UTC
Last seen:	2022-03-24 18:01:01 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	12e12319f1029ec4f8fcbed7e82df162 (388 x DCRat, 52 x RedLineStealer, 51 x Formbook)
ssdeep	6144:rTouKrWBEu3/Z2lpGDHU3ykJVX+tLC/UGpm6WR:rToPWBv/cpGrU3yUX+tLGUG86y
Threatray	1'425 similar samples on MalwareBazaar
TLSH	T1E284CF02BAC199B2D4621D321A796B21B93DBD202F75CEDF63D02A5DDA315C0DB317B2
File icon (PE):
dhash icon	9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter	abuse_ch
Tags:	exe NjRAT RAT

abuse_ch

njrat C2:
83.79.157.42:1414

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
83.79.157.42:1414	https://threatfox.abuse.ch/ioc/443519/

Intelligence

File Origin

# of uploads :

# of downloads :

361

Origin country :

n/a

Vendor Threat Intelligence

Detection:

njRat

Link:

https://www.capesandbox.com/analysis/256830/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Searching for the window

Сreating synchronization primitives

Searching for synchronization primitives

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/10965/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm bladabindi greyware njrat overlay packed setupapi.dll shdocvw.dll shell32.dll update.exe

Link:

https://www.filescan.io/uploads/623b73f3b94fb38cb4db41b6/reports/90883f15-542d-4237-a3b0-5103d9ce47cf/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Mimikatz

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/47f8a262-b4d6-4cdd-b623-2b43e0c68eb0

Result

Threat name:

njRat

Detection:

malicious

Classification:

troj.adwa.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/963108

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e1c6d4fa79af1e7487d0238e04b466a1bd697f4250cd9e6dfbb449636a360634/

Threat name:

ByteCode-MSIL.Backdoor.Bladabhindi

Status:

Malicious

First seen:

2022-03-19 17:03:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 39 (66.67%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=4hdnj6tzv4phjb6qeohajndgug6ws72ckdgz43p3wrewg2rway2a._file

Verdict:

malicious

Label(s):

njrat

1934ca02e1627b6127c65310ffe6be91e216d53bfa4b90d0fe5ec4912c17e4cd

njrat

3b4357ccbe5c7ec75510c453b4b191cf5f076babbf645938d4584ba9bc532e19

njrat

3e7cf8b2e3f6d13ecfccc5eb1cfb57dfe12303e3315500cecf37f53687a3c784

njrat

5ccee64d7cda44cac1e1ebe9be61d2888c2d28dfa0c8cf0e255fe8b153cad342

njrat

df70e51b8184f55f8c2ead6b202814b71417b0986aa71a56b5d1dd07275f084e

njrat

+ 1'415 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220323-x3cx7sehfn/

Behaviour

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

987d3671232022ec0bb67afb556aea1581488bc53a0e2d68ac1ff05e3b2f67e0

MD5 hash:

47f980eaab976ffecd4b114a4cc416b3

SHA1 hash:

a4f823db49f39e033b4a96a1f0d8f401e655cbc7

Link:

https://www.unpac.me/results/66de0dfe-e6d0-4ef3-b52d-ff94852479b7/

SH256 hash:

e1c6d4fa79af1e7487d0238e04b466a1bd697f4250cd9e6dfbb449636a360634

MD5 hash:

60f4d3821780c93863af65395d5a58de

SHA1 hash:

3cc4f9d615f1875743a7a16e23b975b9a46cbcdc

Link:

https://www.unpac.me/results/66de0dfe-e6d0-4ef3-b52d-ff94852479b7/

Malware family:

njRAT

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/e1c6d4fa79af/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e1c6d4fa79af1e7487d0238e04b466a1bd697f4250cd9e6dfbb449636a360634

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/256830/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample