MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eca376bab78ace2c217ac4b457502996385103ab111582448f87e8f5d740e191. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eca376bab78ace2c217ac4b457502996385103ab111582448f87e8f5d740e191
SHA3-384 hash: b3399c773ce1bc2b1ed7bbb4d9639ba1828160f1cfde6ef7bd906fb3cc712efaf5947d9c9346877a274a2d08bff22dd0
SHA1 hash: 0b444e21326add0573d7f791b10d10027e2f6389
MD5 hash: 41db1373e5192deac8a3ba69d8610366
humanhash: helium-moon-alaska-west
File name:eca376bab78ace2c217ac4b457502996385103ab111582448f87e8f5d740e191
Download: download sample
Signature njrat
Create hunting rule
File size:292'864 bytes
First seen:2020-06-29 07:28:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'753 x AgentTesla, 19'658 x Formbook, 12'249 x SnakeKeylogger)
ssdeep 6144:P8phQn4PcCOn+BNGLy3V/wRAyk5WmQAcY5VC7sFvim:P8Q4FOn+BNGLy3V/wRAyk5WmQAcY5VCQ
Threatray 158 similar samples on MalwareBazaar
TLSH FE54B52255EA16DCF77A177407E475ADC7FDED23C306E2B93E60228A4B32945ED42322
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/15655/
Detection(s):
PUA.Win.Packer.NETCrypter-6309687-2
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eca376bab78ace2c217ac4b457502996385103ab111582448f87e8f5d740e191/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 00:23:08 UTC
File Type:
PE (.Net Exe)
Extracted files:
18
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5srxnovxrlhcyil2ys2foubjsy4fca5lcekyerepq7uplv2a4giq._file
Verdict:
unknown
Similar samples:
0c780ce6cb4281a12cf329e18bdf36b987e34dd15379a4c2f6f8e03ba56e13be
njrat
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
njrat
2fdb85c7a0a29e78f22e3b994c5835178f6b54162f4d72a224d9ac9d40c3b60f
njrat
3c630ef685a02e611037b6ae52a89d10355620ca159dd3fa136ca294ef2e7f7a
njrat
7cfa85e9c1bed641e7377f9d9730869a232979754f06667a365f50644b83035b
njrat
9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50
njrat
a9da529f0ad9088cec7e9441a7081084f417655533998caa004597a1bc6ef262
njrat
ce860f3976ba5df3c4465a4b60d12980677dccc961a9fa91555c7b9de14c3dd8
njrat
ea0357b26d0d24fab4f8b194871555a949aacd71755c3552ffd0f88fbb10c1be
njrat
f4bf1d1294fcdebf960a81bc8bdf14edb488c4d844a90ab100a1d5354f8cd443
njrat
+ 148 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion persistence
Link:
https://tria.ge/reports/200629-hkyslfpz3s/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Modifies Windows Firewall
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/15655/

Comments