MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13048505f556d6ea56269b68d126582245a8bfe9e7d06c932b9570c4a0ef5276. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Jadtre

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	13048505f556d6ea56269b68d126582245a8bfe9e7d06c932b9570c4a0ef5276
SHA3-384 hash:	ce3cf062b57b5df30286bb834f248ef06a4ab35c8ccb59897c42633cf5ed217f355f73de8528838fe1534166b5b2ab0e
SHA1 hash:	b108eecd1c883bf23d6037a2775c66b2f4f26d52
MD5 hash:	1138699bf52bc690b4ef1589efefa641
humanhash:	arizona-autumn-kitten-idaho
File name:	ae9d4849b80c022be9558ebfa4196d61
Download:	download sample
Signature	Jadtre Create hunting rule
File size:	27'136 bytes
First seen:	2020-11-17 14:09:53 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep	768:Md5u7mNGtyVfvcmlQGPL4vzZq2oZ7G2xwOU:Md5z/fvxCGCq2w7g
Threatray	1'366 similar samples on MalwareBazaar
TLSH	89C2CF72CE8090FFC0CB3072204522DBAB535A7295AA7867A710981E7DBC9D0EA76753
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Asprotect-3

Win.Malware.Vtflooder-6260355-1

Win.Malware.Cerbu-9789017-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a file in the %temp% directory

Creating a process from a recently created file

Creating a window

Changing an executable file

DNS request

Modifying an executable file

Connection attempt

Sending an HTTP POST request

Creating a file

Running batch commands

Creating a process with a hidden window

Connection attempt to an infection source

Infecting executable files

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/13048505f556d6ea56269b68d126582245a8bfe9e7d06c932b9570c4a0ef5276/

Threat name:

Win32.Virus.Jadtre

Status:

Malicious

First seen:

2020-11-17 14:11:33 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Verdict:

malicious

Unpacked files

SH256 hash:

13048505f556d6ea56269b68d126582245a8bfe9e7d06c932b9570c4a0ef5276

MD5 hash:

1138699bf52bc690b4ef1589efefa641

SHA1 hash:

b108eecd1c883bf23d6037a2775c66b2f4f26d52

Link:

https://www.unpac.me/results/3aaa4779-e5b7-45d2-8369-866160bcf879/

SH256 hash:

0b25b667c508d6cdefc946ab2a755eebb8643c147bb5d3e7b2f9f339ce5804a2

MD5 hash:

9b426d456a3333c26876254ff825f7e3

SHA1 hash:

79c19b69b21a7b01cb35afec8003f4f1edff282e

Detections:

win_unidentified_045_g0

win_unidentified_045_auto

Link:

https://www.unpac.me/results/3aaa4779-e5b7-45d2-8369-866160bcf879/

SH256 hash:

7938efbfef7db242cc1dbd5aef4114c4fcfe6efe3f95bd5d163c4165c58b68bf

MD5 hash:

d83b5ca715007601609a26c34ffa9e23

SHA1 hash:

33decada0bd636cb87bd8aae7ccea9ca41389f2a

Link:

https://www.unpac.me/results/3aaa4779-e5b7-45d2-8369-866160bcf879/

SH256 hash:

8e9ece6f855f68b0aced91516eabe60d5c125b36aab6cd9d908074d7a646143b

MD5 hash:

d13940ec0fb36ab2f384d40d1ee71a5a

SHA1 hash:

6d7a7ea2c666fd2045b2c841697735a06909fdc4

Link:

https://www.unpac.me/results/3aaa4779-e5b7-45d2-8369-866160bcf879/

SH256 hash:

0424a4b9a3c6b9535e3614a886693476d1ee52165af8a9eb0e787a27a9cc5a32

MD5 hash:

434678b480b458b673e595b8f1b9b227

SHA1 hash:

aec3f6153f5b84beace75f297be07c50c50fb563

Link:

https://www.unpac.me/results/3aaa4779-e5b7-45d2-8369-866160bcf879/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample