MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed105272dc3c77f54e7d170474afa6590a98477e6b076d7e5d1cf6c5e152319d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ed105272dc3c77f54e7d170474afa6590a98477e6b076d7e5d1cf6c5e152319d
SHA3-384 hash: 7227cec0f37cc1c5fdf82b709b9b81905da7bc661f4e6d9ff7e229ab394452bb20e6e78ed0b9e59673c71aac49c30b04
SHA1 hash: 7c587936ce67b9caef394b5e65d82641ec3c2b93
MD5 hash: 2b56116ea7b139d3b88917325da16496
humanhash: salami-alpha-steak-july
File name:ed105272dc3c77f54e7d170474afa6590a98477e6b076d7e5d1cf6c5e152319d
Download: download sample
Signature njrat
Create hunting rule
File size:1'404'574 bytes
First seen:2020-06-16 09:29:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d3bf8a7746a8d1ee8f6e5960c3f69378 (247 x Formbook, 75 x AgentTesla, 64 x SnakeKeylogger)
ssdeep 24576:TRmJkcoQricOIQxiZY1ia3dZ91ynhe29yEu7QgWfiLreYSbjxhSq:gJZoQrbTFZY1ia3dRH2IQgRSbFsq
Threatray 537 similar samples on MalwareBazaar
TLSH 0A55CF30F3894026C2F312B11D79B7A5972A24170326F9BF5BCC69E26D6C6712B19FE1
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10691/
Detection(s):
SecuriteInfo.com.AutoIT-82.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2016-07-07 15:47:29 UTC
File Type:
PE (Exe)
Extracted files:
12
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5uife4w4hr37ktt5c4chjl5glefjqr36nmdw27s5dt3mlyksggoq._file
Verdict:
malicious
Similar samples:
25cfc68958a0cb5232d1e4bb1cddbf70b9494d3ef240337e2cedb9226c786b1c
njrat
289dc3caa29f5df0ba412aa2f96816d35858b5117afb7fb5e7a905aef7577b96
njrat
51aed8db193794512a9d60736c06a19890c3e12ff3b0b22ae77832169723debf
njrat
553b932611fdb66130ffe51b352b03c487cc0662a2ecf0708e3ddacb620cced0
njrat
703dca09e84a98247353b177d81f8b9db8b995a53230e1d78f86418c90d2ed58
njrat
7a8ef2bd1c4b9d15c7f174544a01feb7709164a23e748f9a0f769774243648e7
njrat
957fb8a83836c7891ef2a513d354439776e51c027b908193c9c7df269e42a7a9
njrat
a128bdfd9ccc0737d7fe955d49c44d17cfb119a832178aef3df23af772a2c04e
njrat
b6c28cb063a76219e1686cfa3c394de76921ee3ab4d315c22cee54dc6cea41a3
njrat
c96d7a2be148621094eb933be12d8c2bda0ae6f8f7c51dcbeca6ccd2b78ad4c7
njrat
+ 527 additional samples on MalwareBazaar
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
persistence trojan family:njrat evasion
Link:
https://tria.ge/reports/200624-met3z8kdra/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Modifies service
Legitimate hosting services abused for malware hosting/C2
Adds Run entry to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10691/

Comments