MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f351b45dca909ae305f9b2c0b4ea93b34a3e0a7ee7af98f541d9ce8e170314d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 3



SHA256 hash: f351b45dca909ae305f9b2c0b4ea93b34a3e0a7ee7af98f541d9ce8e170314d7
SHA3-384 hash: 0863d92e94387b4c2f96d7dc9a3117e0ee0394acb24384e13d94177dd08d28b72f22f43c730b6dffed710ab263526228
SHA1 hash: 42c349b38875bd353ce9f15fc2ccd306c9eb2703
MD5 hash: e7af5171e46dac5391b4e8ef4a8b8a6b
humanhash: item-virginia-charlie-avocado
File name: cuenta de cobro.r22
Signature: njrat
File size: 124'193 bytes
First seen: 2020-05-13 09:45:43 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:w9AA6cz0yUN7Bdjtlc3ejaCLKSc6XWEptCmIz01U7tuP2gE:w9A3czbULdEO/jGi9Iz0m7wOgE
TLSH: D7C312047F2ECEE4DA1D3CB6A8E5B09B82A211CB3C5161AF9F661F5811B671F54ACD02
Reporter: abuse_ch
Tags: NjRAT Outlook r22 RAT


abuse_ch
Malspam distributing njrat:

HELO: NAM11-DM6-obe.outbound.protection.outlook.com
Sending IP: 40.92.19.45
From: Central Financiero <cen-financiero@outlook.com>
Subject: cuenta de cobro
Attachment: cuenta de cobro.r22 (contains "cuenta de cobro.docm")

NjRAT payload URL:
http://37.59.90.90/dard/systen.exe

NjRAT C2:
kamikaze1089.duckdns.org:1089 (186.146.240.20)
lachuli10.duckdns.org:1021 (186.146.240.20)
morty1998.duckdns.org:1021 (186.146.240.20)

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Document-Word.Downloader.Sload
Status: Malicious
First seen: 2020-05-14 03:26:00 UTC
File Type: Binary (Archive)
Extracted files: 22
AV detection: 9 of 31 (29.03%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

njrat

rar f351b45dca909ae305f9b2c0b4ea93b34a3e0a7ee7af98f541d9ce8e170314d7 (this sample)

  
Dropping: njrat
Delivery method: Distributed via e-mail attachment
