MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f82f09ef86f1b0f90e672bc8cadc7e076177dbdaf199b29a9e4579aa6fba6086. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

njrat

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	f82f09ef86f1b0f90e672bc8cadc7e076177dbdaf199b29a9e4579aa6fba6086
SHA3-384 hash:	c2837a7c2701fa8f4349b5c08ba3989be2ae8d96f1579182d0ebc822b7e1d74492d488988dd4c2104389739ec66ae300
SHA1 hash:	d158494f810191ffe637db138c34cef48d4bd723
MD5 hash:	2b9f95afb6bdc1156593d550706674c6
humanhash:	avocado-uncle-grey-eight
File name:	ubb.tif
Download:	download sample
Signature	njrat Create hunting rule
File size:	56'832 bytes
First seen:	2020-10-13 13:16:51 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep	768:lJhdmnhoxKH01h9pXEkol/d3eJG53G73my86iCgko1dCGfWIfg/vdDyn:lHioIG23eJG53G73mxdvd1dtWI4u
Threatray	4 similar samples on MalwareBazaar
TLSH	0343BF497AE88F15C6BD07F64EB3531457BAD6874863D71B1CCA10DE0632B810660EFB
Reporter	srcr
Tags:	HttpFileServer NjRAT tif

srcr

Sample source: http://groups.us.to:69/ubb.tif

Intelligence

File Origin

# of uploads :

1

# of downloads :

154

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Njrat

Link:

https://www.capesandbox.com/analysis/70473/

Detection(s):

SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Connection attempt

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/489720

Signature

.NET source code contains potential unpacker

Binary contains a suspicious time stamp

Machine Learning detection for sample

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f82f09ef86f1b0f90e672bc8cadc7e076177dbdaf199b29a9e4579aa6fba6086/

Threat name:

ByteCode-MSIL.Backdoor.Bladabhindi

Status:

Malicious

First seen:

2020-10-13 13:18:08 UTC

AV detection:

21 of 29 (72.41%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=7axqt34g6gypsdthfpemvxd6a5qxpw626gm3fgu6iv42u352mcda._file

Verdict:

unknown

Similar samples:

19f763b4199e2bee6affbd7a92bcd07f0234a3351a82a3df0e25ed48af1dc724

44b243078780fae89a84ea0db444fd813a7b0dd80d5371d19c1fb22a28b164d9

898ab33196c09c002ad6806ff25b8713522c433f8f36f19d4479eef779e3e451

e50b45ac8a4821524d30603b391d45d07b2871bbbdfb54bee5267bf5d291fa27

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201013-h12d6dxn9e/

Behaviour

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

f82f09ef86f1b0f90e672bc8cadc7e076177dbdaf199b29a9e4579aa6fba6086

MD5 hash:

2b9f95afb6bdc1156593d550706674c6

SHA1 hash:

d158494f810191ffe637db138c34cef48d4bd723

Link:

https://www.unpac.me/results/8fa1613d-cc96-484d-b7e3-a0a3850aeff1/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f82f09ef86f1b0f90e672bc8cadc7e076177dbdaf199b29a9e4579aa6fba6086

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/70473/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample