MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 f22de8d1f21ff5f203ca79aa38bc5128d87647b58d098191e7e8d11a9b888514. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
njrat
Vendor detections: 7
| SHA256 hash: | f22de8d1f21ff5f203ca79aa38bc5128d87647b58d098191e7e8d11a9b888514 |
|---|---|
| SHA3-384 hash: | c2c97915299de761d2589b76c58b053efd9b078694dc11c825cbbe01cd617efdf31fe8387d2bac4868e61502ada9ed1e |
| SHA1 hash: | 7ae64b93abb7e7fe660ac9fc1b4d58427670edc1 |
| MD5 hash: | 2350447f976a8ea53ffbc05df25a4d27 |
| humanhash: | aspen-uniform-six-fish |
| File name: | 2350447F976A8EA53FFBC05DF25A4D27.exe |
| Signature: | njrat |
| File size: | 722'944 bytes |
| First seen: | 2021-05-03 21:50:38 UTC |
| Last seen: | 2021-05-03 22:56:33 UTC |
| MIME type: | application/x-dosexec |
| imphash: | e23a963fccd1777d5a12be543854846a (1 x njrat) |
| ssdeep: | 12288:gV672ol/gUp3QspKtZtcT+R+EdrVfONS6EGClcyv4AD9I0zYpHLEIQ3xOKy:gVolTQBtZ+T+CS6ErVJmHLTQhOKy |
| Threatray: | 1 similar samples on MalwareBazaar |
| TLSH: | EAF48D28D715D03AF0DA00BEA1AF53536424BA71534259D3F3D09EDA52B92D2AE32F37 |
| Tags: | exe NjRAT RAT |
Indicators Of Compromise (IOCs)
Below is a list of indicators of compromise (IOCs) associated with this malware sample.
| IOC | ThreatFox Reference |
|---|---|
| 141.255.153.164:5552 | https://threatfox.abuse.ch/ioc/28512/ |
Intelligence
File Origin
| # of uploads: | 3 |
|---|---|
| # of downloads: | 157 |
| Origin country: | n/a |
Vendor Threat Intelligence
Detection: Njrat
Verdict: Clean
Maliciousness:
Behaviour:
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 64 / 100
Signature:
Antivirus / Scanner detection for submitted sample
Binary or sample is protected by dotNetProtector
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name: ByteCode-MSIL.PUA.PvLogNetProtector
Status: Malicious
First seen: 2021-04-29 01:29:00 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 1/5
Detection(s): Malicious file
Verdict: unknown
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Enumerates physical storage devices
Drops file in Windows directory
Adds Run key to start application
Drops startup file
Executes dropped EXE
Unpacked files
| SHA256 hash | MD5 hash | SHA1 hash |
|---|---|---|
| f06972ad25ac21f71abf83c58c1e0376027bd8f76465d1f645035bc1e126efb5 | c5523908e37c3a4271c92e8d6c0de79b | a7febe9538926fc8271937b0a05b52e8a43322a6 |
| a27c786b924e01ff75fcb3f003809a74f51e273b68f79cc508c87b79d1f3048e | 9f523da01d05e0f85afbb6cac6a84bae | a27a3a95695eaf03b78e136686dfc130b2bd018a |
| f22de8d1f21ff5f203ca79aa38bc5128d87647b58d098191e7e8d11a9b888514 | 2350447f976a8ea53ffbc05df25a4d27 | 7ae64b93abb7e7fe660ac9fc1b4d58427670edc1 |
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.025] Anti-Behavioral Analysis::Software Breakpoints
1) [B0012.001] Anti-Static Analysis::Argument Obfuscation
2) [B0030.002] Command and Control::Receive Data
3) [B0030.001] Command and Control::Send Data
4) [C0011.001] Communication Micro-objective::Resolve::DNS Communication
5) [C0001.009] Communication Micro-objective::Initialize Winsock Library::Socket Communication
6) [C0001.006] Communication Micro-objective::Receive Data::Socket Communication
7) [C0001.007] Communication Micro-objective::Send Data::Socket Communication
8) [C0001.001] Communication Micro-objective::Set Socket Config::Socket Communication
9) [C0029.002] Cryptography Micro-objective::SHA1::Cryptographic Hash
10) [C0029] Cryptography Micro-objective::Cryptographic Hash
11) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
12) [C0021.004] Cryptography Micro-objective::RC4 PRGA::Generate Pseudo-random Sequence
13) [C0021.003] Cryptography Micro-objective::Use API::Generate Pseudo-random Sequence
14) [C0025.001] Data Micro-objective::QuickLZ::Decompress Data
16) [C0051] File System Micro-objective::Read File
17) [C0007] Memory Micro-objective::Allocate Memory
18) [C0036.004] Operating System Micro-objective::Create Registry Key::Registry
19) [C0036.003] Operating System Micro-objective::Open Registry Key::Registry
20) [C0036.006] Operating System Micro-objective::Query Registry Value::Registry
21) [C0040] Process Micro-objective::Allocate Thread Local Storage
22) [C0042] Process Micro-objective::Create Mutex
23) [C0038] Process Micro-objective::Create Thread
24) [C0041] Process Micro-objective::Set Thread Local Storage Value
25) [C0018] Process Micro-objective::Terminate Process
26) [C0039] Process Micro-objective::Terminate Thread