MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc08885434f9b2677ca7076bc2651218335dfb40141fa7fe49558bd3c7eb4e5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


njrat


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc08885434f9b2677ca7076bc2651218335dfb40141fa7fe49558bd3c7eb4e5a
SHA3-384 hash: a3a6fe59e5b617a89673d7cc64b93ea2261bca4e054f266e42b4fa919144145e6177690614c0250ffc3b3b02c448a70d
SHA1 hash: c79a1cfa111927ff2710993091e5348d845c00bb
MD5 hash: c30e71469470e7a0e0a1e8c8b4b87cb0
humanhash: december-bravo-may-london
File name:fc08885434f9b2677ca7076bc2651218335dfb40141fa7fe49558bd3c7eb4e5a
Download: download sample
Signature njrat
Create hunting rule
File size:100'864 bytes
First seen:2020-06-29 07:46:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'749 x AgentTesla, 19'653 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 1536:RaaayzDdXxcCqqyK6AlxLZBcVfqDbMZF4s5Dgr8bjRc/wu:/gqT6ILE6wX4s5Dgr8bjRc/wu
TLSH AEA3F62BD2D97A95C0760B3C33315390D3AEDC16E393D71B7ECA4C025AF956A3912B89
Reporter JAMESWT_WT
Tags:NjRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Njrat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/15918/
Detection(s):
Win.Packed.Bladabindi-7432994-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fc08885434f9b2677ca7076bc2651218335dfb40141fa7fe49558bd3c7eb4e5a/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-22 23:03:26 UTC
File Type:
PE (.Net Exe)
Extracted files:
15
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7qeiqvbu7gzgo7fha5v4ezisdazv362acqp2p7sjkwf5hr7ljzna._file
Verdict:
unknown
Result
Malware family:
njrat
Create hunting rule
Score:
  10/10
Tags:
evasion persistence trojan family:njrat
Link:
https://tria.ge/reports/200629-yq7h55retj/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Adds Run entry to start application
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/15918/

Comments