MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f904d56fd3998c0316366864c6a8d08ddde1c679c22cc57fabb4141931ee89e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



njrat


Vendor detections: 8



SHA256 hash: f904d56fd3998c0316366864c6a8d08ddde1c679c22cc57fabb4141931ee89e7
SHA3-384 hash: 8f7d4b5ba98a0e52d232baded893f9b044d0a9939c077b14d39050b905872d6423d6c59a8b5f12e626316be021c4fe76
SHA1 hash: 67646cba1e156472d7a563381bc6465edd0a8a58
MD5 hash: 0516eb2415292a47625cd693d98150de
humanhash: mango-carbon-sweet-oklahoma
File name: sD7HzMzN.exe
Signature: njrat
File size: 18'944 bytes
First seen: 2020-12-21 13:02:21 UTC
Last seen: 2020-12-27 17:12:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'750 x AgentTesla, 19'656 x Formbook, 12'248 x SnakeKeylogger)
ssdeep: 384:B4ODG7i0xeC9db2xzeyEuzpTXikdUFIqzLEYN:OOyGQI6a1YN
Threatray: 81 similar samples on MalwareBazaar
TLSH: 3582060A77F94915D2AC0AF84CF313548AB1D3878D22DBAF9CDC85DA6F536D01611EE8
Reporter: pmelson
Tags: exe NjRAT

Intelligence


File Origin
# of uploads: 3
# of downloads: 355
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: sD7HzMzN.exe
Verdict: Malicious activity
Analysis date: 2020-12-21 13:10:34 UTC
Tags: trojan rat njrat bladabindi stealer SecurityXploded

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Sending a UDP request
DNS request
Creating a window
Connection attempt to an infection source
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 76 / 100
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Uses dynamic DNS services
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-12-21 13:03:08 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SHA256 hash: f904d56fd3998c0316366864c6a8d08ddde1c679c22cc57fabb4141931ee89e7
MD5 hash: 0516eb2415292a47625cd693d98150de
SHA1 hash: 67646cba1e156472d7a563381bc6465edd0a8a58
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

njrat

Executable exe f904d56fd3998c0316366864c6a8d08ddde1c679c22cc57fabb4141931ee89e7

(this sample)
