MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 122bd1554039cf8c8d9075719e6dc5164c42bd481e456581e7f016b90156bfa8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jadtre


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 122bd1554039cf8c8d9075719e6dc5164c42bd481e456581e7f016b90156bfa8
SHA3-384 hash: 822fc4c0200672f5763edefbc0239d96eb9a0d7b3bcfaa28e303cfd8a35999dc59aaf2825d61c3385a421586b39a98df
SHA1 hash: d22c2f67cc57d51af54d234b6d7430e709d050d5
MD5 hash: 686cdaddee2532a69c7d1ec4ea51b8f4
humanhash: may-echo-fillet-wisconsin
File name:ae0bc5b2a4ec47d5a383762288e9e108
Download: download sample
Signature Jadtre
Create hunting rule
File size:27'136 bytes
First seen:2020-11-17 16:00:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:rd5u7mNGtyVfvN1QGPL4vzZq2oZ7GTx9IN:rd5z/fvQGCq2w7+
Threatray 1'575 similar samples on MalwareBazaar
TLSH 2CC2D072CE8080FFC0CB3072208521D79B579A7295AA68A7A710981E7DBCDD0EA77753
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Vtflooder-6260355-1
Create hunting rule

Win.Malware.Cerbu-9789017-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
DNS request
Creating a window
Changing an executable file
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Wapomi
Create hunting rule
Detection:
malicious
Classification:
spre.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/540812
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Binary contains a suspicious time stamp
Detected unpacking (changes PE section rights)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Wapomi
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/122bd1554039cf8c8d9075719e6dc5164c42bd481e456581e7f016b90156bfa8/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 16:07:53 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0546d43d99c02514969b3f387704b91a9b133d2dcd978f733959af595de38fbb
Jadtre
0db4416d324eb5bae120b9a7ad1769d387bc5c80a52150b3e31a6ebad093a70c
Jadtre
1b3570eee1a3b05edf59d6eeac5498f1b728bf5036a9c407eba84eaf687f2e04
Jadtre
426ba7d7b33c569ccf2d8a9792e50375e5bab5b912b6a5430812b741bd433eb2
Jadtre
46afcdc238ce38aea437045ddfa8ccc0d1aee270016ca821b2c79d85f4bd9c41
Jadtre
58e7be1b0786181590c5dc294bbe146d2789f3873a47672b34aa7c30b5c85506
Jadtre
5db556665e6088e2496700850dca7a3f5a6e4fb4b4e100cdbfc4562986034604
Jadtre
72b62d5c72d7f2a6326709627dc7447b58eb4cc88401bdaf81f26f0664ee8b2c
Jadtre
7acfc0724c4555fb3f7c91177d25bf3f850e5fb44d1fc8fc1931d7c1976b8fdb
Jadtre
d248819cfac8b846a3ca48701b648e6893550617481528dcb01e4a3d9877a666
Jadtre
+ 1'565 additional samples on MalwareBazaar
Unpacked files
SH256 hash:
122bd1554039cf8c8d9075719e6dc5164c42bd481e456581e7f016b90156bfa8
MD5 hash:
686cdaddee2532a69c7d1ec4ea51b8f4
SHA1 hash:
d22c2f67cc57d51af54d234b6d7430e709d050d5
Link:
https://www.unpac.me/results/b60c20ed-9d29-4216-a1fc-c3584617ffef/
SH256 hash:
fba5ef309ae45646b8433dbadd9897e2621e221cd97ce9390a0478103111c740
MD5 hash:
49f36419e9000e174bfd19aeb1511840
SHA1 hash:
f630419b084b9958e9636f7485fee0f3872c1eeb
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/b60c20ed-9d29-4216-a1fc-c3584617ffef/
SH256 hash:
4687180fa8a80ca9bef5c555caa7e2e960ae1dcea6454630934b91b0ba6c6c7e
MD5 hash:
0b2888d40e9a00005505cdeedf74cf27
SHA1 hash:
32133ac2c61ed99d7b9028919a1a100b699556c5
Link:
https://www.unpac.me/results/b60c20ed-9d29-4216-a1fc-c3584617ffef/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments