MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecae8346cebcb3cff10fd572aa657218ac5845f77b6649602611bc7b2bfeb5f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ecae8346cebcb3cff10fd572aa657218ac5845f77b6649602611bc7b2bfeb5f6
SHA3-384 hash: 6385c3995d2e19cabb160403897807a78ed5ae01786c35974b9966bb273f5935ec7bf7579d7d29634ecf4a5b484b37b4
SHA1 hash: 5179e9ab8791b37238d2a5ae14ed5ce284483f71
MD5 hash: 6acac34758a2c32651c7b7e52de8aa51
humanhash: michigan-yankee-king-iowa
File name:Bill of Lading.img
Download: download sample
Signature njrat
Create hunting rule
File size:61'440 bytes
First seen:2022-10-27 14:42:22 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 192:ukR0qaLKw7oagHwp7h8stYcFmVc03KYs:RR5aLKw7obHU7hptYcFmVc03K
TLSH T1C453B600A3940171DAB6827638ABA7959733F75B1877CFA938CC591E3F235914B233E4
TrID 99.6% (.NULL) null bytes (2048000/1)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter cocaman
Tags:DHL img NjRAT


Avatar
cocaman
Malicious email (T1566.001)
From: "Rajesh Karuppaiah (DHL IN) <rajesh.karuppaiah@dhl.com>" (likely spoofed)
Received: "from dhl.com (unknown [195.178.120.206]) "
Date: "26 Oct 2022 07:42:11 +0200"
Subject: "Bill of Lading"
Attachment: "Bill of Lading.img"

Intelligence

File Origin
# of uploads :
1
# of downloads :
170
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.RATX-gen.10862.1353.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ecae8346cebcb3cff10fd572aa657218ac5845f77b6649602611bc7b2bfeb5f6/
Threat name:
Win32.Trojan.Scarsi
Create hunting rule
Status:
Malicious
First seen:
2022-10-26 03:15:18 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
17 of 41 (41.46%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5sxigrwoxsz474ip2vzkuzlsdcwfqrpxpntesybgcg6hwk76wx3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ecae8346cebcb3cff10fd572aa657218ac5845f77b6649602611bc7b2bfeb5f6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_VBS_in_ISO
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects ISO files that contain VBS functions
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

njrat

img ecae8346cebcb3cff10fd572aa657218ac5845f77b6649602611bc7b2bfeb5f6

(this sample)

njrat

Executable exe 805351ec3e4849917c0cc226ca3b4a515ea6907f88ff7b615f050f343d09e59b

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 805351ec3e4849917c0cc226ca3b4a515ea6907f88ff7b615f050f343d09e59b
  
Dropping
njrat

Comments