MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34a52388b0de94f535226b9e7e0815ca1e0eff80bf1b07f3d9de3fb9f50b26ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jadtre


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 34a52388b0de94f535226b9e7e0815ca1e0eff80bf1b07f3d9de3fb9f50b26ac
SHA3-384 hash: 859b8e721e774db918a44503e42b175c77ab62fbb0594b7a85f12fe6a4c29cbf89fe79506acdd182eab8ab65d66c3500
SHA1 hash: e4499f26118dba2aa3054a934dba9420d857a856
MD5 hash: dfa0e2b4e3054510328b8a3fd7e8bcdd
humanhash: double-football-enemy-william
File name:34a52388b0de94f535226b9e7e0815ca1e0eff80bf1b07f3d9de3fb9f50b26ac
Download: download sample
Signature Jadtre
Create hunting rule
File size:7'200'768 bytes
First seen:2020-11-12 13:49:05 UTC
Last seen:2024-07-24 12:56:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4741f7486b03721266ba5450d304412c (3 x Worm.Ramnit, 1 x Jadtre)
ssdeep 98304:62SpDLfIaaUVp549kfLVWYnih9NrLxRDoYgkRIZvfEJ6OwC8KSGq1EN9CHiiFbAX:ABbRf0xuXeIZ3Esu8KSInM
Threatray 1 similar samples on MalwareBazaar
TLSH 58761223626240BAD0D54C358A3BBFB676B607264F52DDBB93C5ECC429225E0F323657
Reporter seifreed

Intelligence

File Origin
# of uploads :
2
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Gotango-7000352-0
Create hunting rule

Win.Malware.Agen-7172367-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Launching the default Windows debugger (dwwin.exe)
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/34a52388b0de94f535226b9e7e0815ca1e0eff80bf1b07f3d9de3fb9f50b26ac/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-12 13:50:06 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
68d9b1b79eac821bd61cfea1a528b5a26fc371be1e24bf71ec424fddb63e5c92
Jadtre
Result
Malware family:
n/a
Score:
  10/10
Tags:
aspackv2
Link:
https://tria.ge/reports/201112-64l6n82lmj/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Program Files directory
Loads dropped DLL
ASPack v2.12-2.42
Executes dropped EXE
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
34a52388b0de94f535226b9e7e0815ca1e0eff80bf1b07f3d9de3fb9f50b26ac
MD5 hash:
dfa0e2b4e3054510328b8a3fd7e8bcdd
SHA1 hash:
e4499f26118dba2aa3054a934dba9420d857a856
Link:
https://www.unpac.me/results/952bdec3-c4cb-4ba1-905f-178ea75e1422/
SH256 hash:
8317bee1b173c8f89c885956559ca66fe18d5b072492a2d40245126c9b6243a8
MD5 hash:
f5ba9fd0af0b174361e9b5f72563934d
SHA1 hash:
37395ad9595e4a5465a916304077029ca08079d5
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/952bdec3-c4cb-4ba1-905f-178ea75e1422/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments