MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e50b45ac8a4821524d30603b391d45d07b2871bbbdfb54bee5267bf5d291fa27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e50b45ac8a4821524d30603b391d45d07b2871bbbdfb54bee5267bf5d291fa27
SHA3-384 hash: 5ebba3e9b597de8ca52257b056624d8950f22a1dea75d5a3adc08b71af3d713343376c815adf7c181b828560f8d820af
SHA1 hash: 67b690459fe18b58ef5eb48c429d00ba5d7a7b2f
MD5 hash: 8c6d73efd1484d2378c1cc74c21c8682
humanhash: queen-nebraska-double-stairway
File name:Project1.exe
Download: download sample
Signature njrat
Create hunting rule
File size:148'480 bytes
First seen:2020-08-04 19:21:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 3072:mBC/uQiaRi86CkQJlFAqkSZOAmMxQwUm5+UW/832GhNvj1Odly5:+QZRi86CkEqC2GhN+l
Threatray 464 similar samples on MalwareBazaar
TLSH 27E3B54039AE8BA6D779C7F911B2A4150BB5320F22BDD2CD4DC360CF5A75F404A62EA7
Reporter James_inthe_box
Tags:exe NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
260
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/38895/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
DNS request
Connection attempt
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/409926
Signature
.NET source code contains potential unpacker
Binary contains a suspicious time stamp
Machine Learning detection for sample
May check the online IP address of the machine
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e50b45ac8a4821524d30603b391d45d07b2871bbbdfb54bee5267bf5d291fa27/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 19:20:59 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ufullekjaqvetjqma5tshkf2b5sq4n3xx5vjpxfez57luur7itq._file
Verdict:
unknown
Similar samples:
0271cac01b1b21162fbcc41a352d6d328c58aaea82943dae8db690a6f05aabb0
njrat
06dc2ec5236a90bb95beb6d6e524ffd81c64edc88ba89d01743c224d6585674e
njrat
200bba1fb5b7880c75ddb30bead5de040d079208d6f8fb3ce9bd3e2cb9e69a69
njrat
5f5e348e8dbe8f7d7d97abefd6a2d686569a65720b97827082b2a82fb0430670
njrat
6397766c93f68812ec58ed674ee32c468ce131ee7e43637d138569d8ad03697b
njrat
7ddcc953ccef254443126b85143a138812eb70755b5723538b299094ad19bc8f
njrat
81b26504ee095df57c80e9ea296b04b722f54a3b5b4e28047134768f7972edfc
njrat
84dd753eb32401aed1b0702e7c52c7d9317fd55c26348b9b2a64eae4943d028f
njrat
9bf180bb7b3cc0fcc6d01b68e2aa82d2f853e081ec71e34942d875324a2415b4
njrat
c34742f6021c620e0dadec87393ece9a46df90d2459dedb275b34f09bbbe8e21
njrat
+ 454 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200804-6rwzb9w5an/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
NJRat
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e50b45ac8a4821524d30603b391d45d07b2871bbbdfb54bee5267bf5d291fa27

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/38895/

Comments