MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30361281b8a320b155178ac44ec0512a020f5ca572c4f1b228427418b7213271. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jadtre


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 30361281b8a320b155178ac44ec0512a020f5ca572c4f1b228427418b7213271
SHA3-384 hash: a511e448a4b6f82ed6d450906122aad85ebedb67448132d6e6b8b8ab1f48942a9f0f22fab3e5b3c4e6015a99accacec1
SHA1 hash: d1950617f9d084587d7d4ac93a16b2e1e658b7a6
MD5 hash: 356814da8ac0f4fe4b13a71293e71a3b
humanhash: carbon-wolfram-alabama-stairway
File name:af9456c70e8df4d0f8857cd895616de8
Download: download sample
Signature Jadtre
Create hunting rule
File size:27'136 bytes
First seen:2020-11-17 15:09:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:yd5u7mNGtyVfvCpqQGPL4vzZq2oZ7G1xkjK:yd5z/fvcJGCq2w71
Threatray 1'158 similar samples on MalwareBazaar
TLSH 80C2C0B2CE8084FFC0CB34722085128B9B575A7295AA6467A710981E7DBCDE0DA76753
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Vtflooder-6260355-1
Create hunting rule

Win.Malware.Cerbu-9789017-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/30361281b8a320b155178ac44ec0512a020f5ca572c4f1b228427418b7213271/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 15:20:37 UTC
AV detection:
27 of 28 (96.43%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
30997613e573e7719fa6eb3046febb1acfbe14957590d68b5ece1c109b8a7d41
Jadtre
47244def32829cff70e708ce99b13caf4a114c36a0136d82f4b8eac4c582e977
Jadtre
4b5576b5ef3ce9f15bb1bee3afd33b26d9c76ed8e1da6ea7714b0bef0cc517ef
Jadtre
65f21c6260515856005b436a7f3c038b7cc66de3084fcc6b7ae948b0d0e1ce02
Jadtre
7bd41098acc4c07cf156dcf57ebf6c5b297c54c6279c1f064e520625cabbeba9
Jadtre
a1077c1a9ace62cc4aa612258ee591b369e48b0c4daacfc37cfa7805df526954
Jadtre
b315fdf60e3f9555e61099ba4ac3bbefdd8a1b83b4899cfd11db1d68e7e7da81
Jadtre
b52b4af0d8841f5790b0d12c20eed7ef85007a5d340be52682cc07a5b45d2a0c
Jadtre
e9bf65f9d280087ba75f00dcb5dda0f44d84769217a1524cbb6a85bf973207b7
Jadtre
f1ebf6e241e6213ccb8537ca9553f19c5e7802838bf4f55b74479cea0fdd354d
Jadtre
+ 1'148 additional samples on MalwareBazaar
Unpacked files
SH256 hash:
30361281b8a320b155178ac44ec0512a020f5ca572c4f1b228427418b7213271
MD5 hash:
356814da8ac0f4fe4b13a71293e71a3b
SHA1 hash:
d1950617f9d084587d7d4ac93a16b2e1e658b7a6
Link:
https://www.unpac.me/results/fb344620-cf71-4e76-9099-90fa5e2245f2/
SH256 hash:
0af7cac563274fe34525c2038e76955934cb8404d4d6f5cae1e9b0ab4d516460
MD5 hash:
6f15b11bcb80d4c07f43f966d37c1a25
SHA1 hash:
a76ceeb7697bbfcbdf1e8b53a3569e31a13de87f
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/fb344620-cf71-4e76-9099-90fa5e2245f2/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments