MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f1eec46766f917b90028df58ad0660e9a344d2c74bd17bc905e75562e0fc12e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Jadtre


Vendor detections: 6



SHA256 hash: 3f1eec46766f917b90028df58ad0660e9a344d2c74bd17bc905e75562e0fc12e
SHA3-384 hash: 1aaa9aa8f470953a09f0e2977e141c494b8ff0a43af97deee276d82dfd6128bab93eec16c7eeda0e26aa74973f811185
SHA1 hash: a926b3d5ec4d45691f9529e7641e7ceac9b02ce1
MD5 hash: 6a2dfc0f5332ea1da1d8ebc460ef1672
humanhash: leopard-table-pasta-cat
File name: b1fc77df153b949a807e3a36607c4540
Signature: Jadtre
File size: 27'136 bytes
First seen: 2020-11-17 14:54:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:4d5u7mNGtyVfi+QGPL4vzZq2oZ7G2x03rm:4d5z/f+GCq2w7q
Threatray 1'240 similar samples on MalwareBazaar
TLSH 9AC2C073CE8090FFC0CB3472204522CBAB175A72556A7867A750981E7DBCDE0E976753
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Virus.Jadtre
Status: Malicious
First seen: 2020-11-17 15:12:08 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Unpacked files
SHA256 hash:
3f1eec46766f917b90028df58ad0660e9a344d2c74bd17bc905e75562e0fc12e
MD5 hash:
6a2dfc0f5332ea1da1d8ebc460ef1672
SHA1 hash:
a926b3d5ec4d45691f9529e7641e7ceac9b02ce1
SHA256 hash:
a52a9474ee016e73a06088ec215d615d6a7cadb340c58691cfa1e496dce00457
MD5 hash:
e73950f09ffdded321bd9dfd810b7839
SHA1 hash:
3446ab753b2ee82b8feb24abb736259af411a22a
Detections: win_unidentified_045_g0, win_unidentified_045_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments