MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f4e2b9be16629b7e07dd3b0a8e8b19aefd80e74baed0119a94e877b12de5010. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Jadtre


Vendor detections: 6



SHA256 hash: 4f4e2b9be16629b7e07dd3b0a8e8b19aefd80e74baed0119a94e877b12de5010
SHA3-384 hash: 16e409c099fb2f41f83522c36cc7ece385e9c0ba63ec53f1dd1bd35bbecedb7ed4318193861af4e9c9ba39fe4f132938
SHA1 hash: fcfd0b5fb79b2b53816c9b5415772002a301f006
MD5 hash: 6d8898b49c6492b828813f63f46d937e
humanhash: oscar-muppet-alanine-nebraska
File name: b2a3fa09b1ddcc82bae4b81649509693
Signature: Jadtre
File size: 27'136 bytes
First seen: 2020-11-17 14:03:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:Qd5u7mNGtyVfvHAqQGPL4vzZq2o9W7GsxgO8:Qd5z/fvgJGCq2iW7a
Threatray 1'386 similar samples on MalwareBazaar
TLSH DBC2D073CE8090FFC0CB3072208512CB9B575A72A56A6867A750D81E7DBCDE0DA76753
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 52
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Creating a file in the %temp% directory
Sending a UDP request
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Virus.Jadtre
Status: Malicious
First seen: 2020-11-17 14:04:18 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Unpacked files
SHA256 hash:
4f4e2b9be16629b7e07dd3b0a8e8b19aefd80e74baed0119a94e877b12de5010
MD5 hash:
6d8898b49c6492b828813f63f46d937e
SHA1 hash:
fcfd0b5fb79b2b53816c9b5415772002a301f006
SHA256 hash:
1b0352e482bcf3c57319894580e145dbaad837ab8e891780a652a4ae6dee0176
MD5 hash:
35438b4d8a0e289438d3e2b42da249cb
SHA1 hash:
9e83363b36a6ee5290ddf3ff99a2b3291ec20913
Detections:
win_unidentified_045_g0 win_unidentified_045_auto
SHA256 hash:
cc024043f6b8eeaf7a44ac4df562ed3bba75e1b320ef08814bf99e669a065281
MD5 hash:
dd022bc044ef8ba27a8ccc1bf3b6d7d0
SHA1 hash:
0813184483255d32c2ffaa9a2bca5a21a78f0a7d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
