MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18a20470c65d468a2248dcb8f5cf572bdfe370fdaf4f6f7f60275d4eee013d3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adwind

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	18a20470c65d468a2248dcb8f5cf572bdfe370fdaf4f6f7f60275d4eee013d3f
SHA3-384 hash:	1460f097151b343faac87b607df9633da89cb7cd6edfc4d8fdd76d227daeb9e7937e4b0e620f7536a71e2aa8a19c3b04
SHA1 hash:	c60d7408a8a34a045b3c1e9db0988e08ac7b113a
MD5 hash:	60ab36c790ee7c00f395d1e9b8d42182
humanhash:	network-fix-failed-river
File name:	60ab36c790ee7c00f395d1e9b8d42182.jar
Download:	download sample
Signature	Adwind Create hunting rule
File size:	87'350 bytes
First seen:	2020-05-18 07:53:52 UTC
Last seen:	Never
File type:	jar
MIME type:	application/java-archive
ssdeep	1536:UpdsWYRGCzE7NgmMwaNImA7ecCU/rf4e+hu4sA8k3zetj2PK0isOmlfzrYhuJhc:UB045gmMrINqYrMu4se3zg6PKIVfYMJG
TLSH	9783E0D13048C5AFD6F3D3B8C2D5EC43A95CA48EFA2EE20F136555479836A8C3A67316
Reporter	abuse_ch
Tags:	Adwind jar nVpn RAT

abuse_ch

Adwind RAT C2:
pluginserver.duckdns.org:54555
pplugin.duckdns.org:54555
79.134.225.80:1984

Hosted on nVpn:

% Information related to '79.134.225.64 - 79.134.225.127'

% Abuse contact for '79.134.225.64 - 79.134.225.127' is 'abuse@your-vpn.network'

inetnum: 79.134.225.64 - 79.134.225.127
netname: YOUR_VPN_NETWORK
country: DE
remarks: ****************************************************
remarks: This subnet belongs to a VPN service provider.
remarks: We protect the right to privacy, which means
remarks: we don't log the activities of our users.
remarks: ****************************************************
admin-c: EH4074-RIPE
tech-c: YVN10-RIPE
status: ASSIGNED PA
abuse-c: YVN10-RIPE
org: ORG-YVN1-RIPE
mnt-by: AF15-MNT
created: 2019-07-19T18:26:38Z
last-modified: 2019-07-19T18:51:28Z
source: RIPE

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Java.Packer.Allatori-1

Gathering data

Threat name:

ByteCode-JAVA.Trojan.Adwind

Status:

Malicious

First seen:

2020-05-18 13:00:00 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

12 of 48 (25.00%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=dcrai4gglvdiuisi3s4plt2xfpp6g4h5v5hw673ae5ou53qbhu7q._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-r3r58ld38x/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Adwind

jar 18a20470c65d468a2248dcb8f5cf572bdfe370fdaf4f6f7f60275d4eee013d3f

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample