MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ece291548741cfa88e0924aecf93cb1fbff986e8e7f5eecf222c01004fff2670. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 4



SHA256 hash: ece291548741cfa88e0924aecf93cb1fbff986e8e7f5eecf222c01004fff2670
SHA3-384 hash: 1c7ee87b16a7bcf6b53b55998a3c65586b1b1629e0682fdeaca801197f804d686918c3ba1332dcd19983286b6c5df9f7
SHA1 hash: d5f02dfe3fa6a548a01143befb4aca95d368e614
MD5 hash: 3ac7bf5a058a0ba471756892fb04f53f
humanhash: jig-maryland-bulldog-utah
File name: 8y1pSWm1.exe
Signature: njrat
File size: 29'696 bytes
First seen: 2020-03-19 13:39:16 UTC
Last seen: 2020-03-19 13:41:14 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'665 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 768:Z4v/27NYsDkfZ2t8aqK3Je+BKh0p29SgR5u:am7N19rv35KhG29j5u
Threatray: 231 similar samples on MalwareBazaar
TLSH: A4D21A1937B84806C4BC0B74D931965756F486032912DFAFDED1A8DA9EF32E41A4CBE1
Reporter: johannes
Tags: NjRAT


viql
njrat via https://pastebin.com/raw/8y1pSWm1

Intelligence


File Origin
# of uploads: 2
# of downloads: 101
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Bladabindi
Status: Malicious
First seen: 2020-03-20 00:42:50 UTC
AV detection: 41 of 45 (91.11%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
