MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 14


Intelligence 14 IOCs 1 YARA File information Comments

SHA256 hash: f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4
SHA3-384 hash: f63ba2db9ae82a74b966639ac3e0ef42d3a1d31d282c0f90ddde4b2d12c56c72d31102bfe4dbf250f5079cbca064996d
SHA1 hash: 3741755f8a11638209821a3cd7c01104acac184d
MD5 hash: 1f85c12fcd3232c577e5e8cc07fbf1e1
humanhash: oscar-triple-moon-uncle
File name:1f85c12fcd3232c577e5e8cc07fbf1e1.exe
Download: download sample
Signature njrat
File size:772'608 bytes
First seen:2022-08-05 07:35:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (31'209 x AgentTesla, 10'508 x Formbook, 5'466 x SnakeKeylogger)
ssdeep 12288:WqShIfQIKMR4LClwugCEzE3qA2nv1gfckf:4hIYIKMCigCEzE312nKck
Threatray 315 similar samples on MalwareBazaar
TLSH T14DF4920B5D78868AE1FA3530C6F670B3A273970BDD098A35697DE0C37E29DE904E7116
TrID 69.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
9.9% (.EXE) Win64 Executable (generic) (10523/12/4)
6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
4.2% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon f0c4f2e9e8b0dcf0 (1 x AsyncRAT, 1 x njrat)
Reporter @abuse_ch
Tags:exe NjRAT RAT


Twitter
@abuse_ch
njrat C2:
91.109.186.4:5050

Intelligence


File Origin
# of uploads :
1
# of downloads :
291
Origin country :
NL NL
Mail intelligence
No data
Vendor Threat Intelligence
Malware family:
ID:
1
File name:
1f85c12fcd3232c577e5e8cc07fbf1e1.exe
Verdict:
Malicious activity
Analysis date:
2022-08-05 07:35:31 UTC
Tags:
trojan rat njrat bladabindi

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
–°reating synchronization primitives
DNS request
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection:
malicious
Classification:
troj
Score:
80 / 100
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Njrat
Behaviour
Behavior Graph:
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Status:
Malicious
First seen:
2022-08-03 02:51:02 UTC
File Type:
PE (.Net Exe)
Extracted files:
18
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
family:njrat botnet:nyan cat trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
njRAT/Bladabindi
Malware Config
C2 Extraction:
milla11.publicvm.com:5050
Unpacked files
SH256 hash:
9010de87160bd93e2d7dc3f452cddddd9ad6f9fa4af631e9f85a3302c65a55a2
MD5 hash:
746e62001ce94ff9277a0af42fb3b5c4
SHA1 hash:
8c8b6e8549b8669c85995bc1681742d494f0d7eb
SH256 hash:
f229ed07a73bf6f353a8429a9842aeb6c2e35a47f3b353bce93cca550efbbee4
MD5 hash:
1f85c12fcd3232c577e5e8cc07fbf1e1
SHA1 hash:
3741755f8a11638209821a3cd7c01104acac184d

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
91.109.186.4:5050 https://threatfox.abuse.ch/ioc/841461

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments