MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85b509c3352dde65b7dbd7c56207e2bcfe8245bf851132cbd61b93f4343077fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 85b509c3352dde65b7dbd7c56207e2bcfe8245bf851132cbd61b93f4343077fc
SHA3-384 hash: b4e5330c879764c7da4bb4e5af6ca4c51acf137d07c28e8a3e9d245aea462798bd966fe43ef96995589a548c36244de7
SHA1 hash: e2731770f57600dd347759523db864cf8fd68e7a
MD5 hash: e2fdebfb3346325ae26240e1c2e0319b
humanhash: happy-finch-venus-charlie
File name: IMG-29062020.jar
Signature: Adwind
File size: 623'050 bytes
First seen: 2020-06-29 18:10:08 UTC
Last seen: Never
File type: Java file jar
MIME type: application/zip
ssdeep: 12288:H9IT51JK15UepdzVHq1NrrzU5NDqtaI+ydudol6TwqTNlRVjgY9JxGIY:HYjC5UEUlg5Att+neATx3RVjgY9Jx9Y
TLSH: 63D4232411EE33EAAC04F58E1F025FFD6F9B1D61025761E59D19E16EABC482CDE8C478
Reporter: @abuse_ch
Tags: Adwind jar nVpn RAT

Malspam distributing Adwind:

Sending IP:
From: Account Payable <>
Subject: Payment Invoice
Attachment: IMG-29062020.jar


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 32
Origin country: US
CAPE Sandbox Detection: n/a
ClamAV: No detection
CERT.PL MWDB Detection: n/a
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-JAVA.Backdoor.Fdyd
  First seen: 2020-06-29 18:12:05 UTC
  AV detection: 8 of 48 (16.67%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage:
  Score: 10/10
  Malware Family: adwind
  Tags: trojan family:adwind persistence
VirusTotal: No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Java file jar 85b509c3352dde65b7dbd7c56207e2bcfe8245bf851132cbd61b93f4343077fc (this sample)

Delivery method: Distributed via e-mail attachment