MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85b509c3352dde65b7dbd7c56207e2bcfe8245bf851132cbd61b93f4343077fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 85b509c3352dde65b7dbd7c56207e2bcfe8245bf851132cbd61b93f4343077fc
SHA3-384 hash: b4e5330c879764c7da4bb4e5af6ca4c51acf137d07c28e8a3e9d245aea462798bd966fe43ef96995589a548c36244de7
SHA1 hash: e2731770f57600dd347759523db864cf8fd68e7a
MD5 hash: e2fdebfb3346325ae26240e1c2e0319b
humanhash: happy-finch-venus-charlie
File name: IMG-29062020.jar
Signature: Adwind
File size: 623'050 bytes
First seen: 2020-06-29 18:10:08 UTC
Last seen: Never
File type: Java file jar
MIME type: application/zip
ssdeep 12288:H9IT51JK15UepdzVHq1NrrzU5NDqtaI+ydudol6TwqTNlRVjgY9JxGIY:HYjC5UEUlg5Att+neATx3RVjgY9Jx9Y
TLSH 63D4232411EE33EAAC04F58E1F025FFD6F9B1D61025761E59D19E16EABC482CDE8C478
Reporter: @abuse_ch
Tags: Adwind jar nVpn RAT


Twitter
@abuse_ch
Malspam distributing Adwind:

HELO: s333.xrea.com
Sending IP: 150.95.9.155
From: Account Payable <transfer@khlifx.com>
Subject: Payment Invoice
Attachment: IMG-29062020.jar

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 32
Origin country: US
CAPE Sandbox Detection: n/a
Link: https://www.capesandbox.com/analysis/16560/
ClamAV: No detection
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/85b509c3352dde65b7dbd7c56207e2bcfe8245bf851132cbd61b93f4343077fc/
ReversingLabs Status: Malicious
Threat name: ByteCode-JAVA.Backdoor.Fdyd
First seen: 2020-06-29 18:12:05 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage Score: 10/10
Malware Family: adwind
Link: https://tria.ge/reports/200629-ezaa7xre8a/
Tags: trojan family:adwind persistence
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via e-mail attachment
