MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d5bea0ae5facf0159f35ea0bead65369ceb83942cc7073cb459ff06c6f82f0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Adwind


Vendor detections: 9



SHA256 hash: 1d5bea0ae5facf0159f35ea0bead65369ceb83942cc7073cb459ff06c6f82f0b
SHA3-384 hash: 0ef4ec69b21f19aae9f93da3c72ecbcd6061f7fdab818218bb2c08037b1246d42fa5f73769503edf3b546495b9e900c6
SHA1 hash: e95d7cd238693d35932956aeb0b629b126830206
MD5 hash: f89a56dbff959639e4b4112ced98fce2
humanhash: lemon-berlin-pizza-autumn
File name: 1d5bea0ae5facf0159f35ea0bead65369ceb83942cc7073cb459ff06c6f82f0b
Signature: Adwind
File size: 1'668'827 bytes
First seen: 2026-02-03 20:12:37 UTC
Last seen: Never
File type: Java file jar
MIME type: application/java-archive
ssdeep: 49152:Y/y7qDgaZ4YYJ1vBLR4qaxI+iCz+VnSON:Y/5DByYm4x5a5N
TLSH: T1727502067D85C8B5E437CC710049C257F06D29EDE90991EB02E19E896EB4E9B0F1FBDA
TrID: 77.1% (.JAR) Java Archive (13500/1/2); 22.8% (.ZIP) ZIP compressed archive (4000/1)
Magika: jar
Reporter: Neiki
Tags: Adwind jar java Loader netreactor PureMiner RAT zgRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: DE
Vendor Threat Intelligence
No detections
Malware family: n/a
ID: 1
File name: xeno-payload.jar
Verdict: Malicious activity
Analysis date: 2026-02-03 20:10:26 UTC
Tags: java zgrat pureminer netreactor

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict: Malicious
File Type: jar
First seen: 2026-02-01T12:49:00Z UTC
Last seen: 2026-02-02T15:37:00Z UTC
Hits: ~100
Detections: HEUR:Trojan.MSIL.InjectorNetT.gen HEUR:Trojan.Java.Alien.gen BSS:Trojan.Win32.Generic
Threat name: ByteCode-JAVA.Backdoor.Adwind
Status: Malicious
First seen: 2026-02-01 19:08:59 UTC
File Type: Binary (Archive)
Extracted files: 705
AV detection: 9 of 36 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
