MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f95573e18dd16600bedc2ab6917774a91603d5e90ae5deccfa969a8311802972. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f95573e18dd16600bedc2ab6917774a91603d5e90ae5deccfa969a8311802972
SHA3-384 hash: 2c184b402090977e6011e631512e6077d9d761d3fdccd755bf3cf271b4575a477217c847f2d019c34e8758e544e95eb8
SHA1 hash: 1725fd0ab39c9ba1a81713392cc3909fb9fe0836
MD5 hash: 331da878f1378bc8e29975fb48034cba
humanhash: alpha-sierra-steak-salami
File name:331da878f1378bc8e29975fb48034cba.exe
Download: download sample
Signature njrat
Create hunting rule
File size:196'096 bytes
First seen:2020-05-13 16:25:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 3072:K/tF+q6YVAutFWl7r+p7SJofpNIgGBSa/IKSGiTKb8hRix:K/nL67RpmugGEIIK7p6i
Threatray 56 similar samples on MalwareBazaar
TLSH C914BF427B844352F52814B7C0FF152403E9AE87A6B3E36ABF9832DE5D027969C45F8D
Reporter abuse_ch
Tags:exe NjRAT RAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Msilperseus-7772566-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bladabindi
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 03:27:55 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7fkxhymn2ftabpw4fk3jc53uvelahvpjbls55th2s2nigemaffza._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
59b230d608d121a6969fa2eab41b020c57f99328319ebd92ef00cb4081562589
njrat
618f4050d767d0c8f835ec3fa9e46b85b9291062a2e381122852238fa84c95f7
njrat
72146e890efa1de6ee90e445ceb11ad9dc3b053fa5e82757756a393ee4617a77
njrat
733036ae8101048351d1cf684fe1bc02c1cf7a70725a470bec7cbd59a602738b
njrat
b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b
njrat
bd343b1b5db4f37db72ebf4abba33431c9e28fbb845e847ee1184270c8807204
njrat
eac957f655d15206f8875a31eb0b225040ee39015ff01189901f78230e39c33f
njrat
f1d81ae5a4ea7a71d5d7147565fecca141a8e03148ef3c9e7583b9159923d17a
njrat
f41d910195a48409a0d7047fa3e9d2d62b19361c92f8f2f045d9a4ba7a0e869e
njrat
f9b03c723f0707c47dc00e0d77ac55559d2cd07cd6b38a67126e535068ca05dc
njrat
+ 46 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-mrgveenv2a/
Behaviour
Creates scheduled task(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments