MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51a94ee58fbd0c2a1638b8d60af89d9112625879f4b670f33712e1bfe25f1b6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jadtre


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51a94ee58fbd0c2a1638b8d60af89d9112625879f4b670f33712e1bfe25f1b6b
SHA3-384 hash: a84338c240fa18672938bf95aaaab4211cf176ca5550203920bfa34bb78ce2a58a9af3a820067c3b6c20304736310b71
SHA1 hash: 6aaef6599460db8195af65e3b21e434073849286
MD5 hash: e348844eb6fcf8173315f483e9033e2d
humanhash: five-sad-mockingbird-queen
File name:ab1671011f681ff09ac0ffd70fc4b92b
Download: download sample
Signature Jadtre
Create hunting rule
File size:27'136 bytes
First seen:2020-11-17 15:54:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:od5u7mNGtyVfgRQGPL4vzZq2oZ7GtxPrw:od5z/fLGCq2w7S
Threatray 1'520 similar samples on MalwareBazaar
TLSH 88C2C072CE8081FFC0CB3432208522DB9B575A72A56A7467A710981E7DBC9E0D976753
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Vtflooder-6260355-1
Create hunting rule

Win.Malware.Cerbu-9789017-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Modifying an executable file
Connection attempt
Creating a file
Sending an HTTP POST request
Running batch commands
Creating a process with a hidden window
Creating a file in the %temp% directory
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Wapomi
Create hunting rule
Detection:
malicious
Classification:
spre.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/543666
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Binary contains a suspicious time stamp
Detected unpacking (changes PE section rights)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Wapomi
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/51a94ee58fbd0c2a1638b8d60af89d9112625879f4b670f33712e1bfe25f1b6b/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 16:04:07 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
06aad68dd932f9ff8a3529a73a1984c0c7c0eb7c5ca62c57d6da448e2633c89d
Jadtre
30361281b8a320b155178ac44ec0512a020f5ca572c4f1b228427418b7213271
Jadtre
47244def32829cff70e708ce99b13caf4a114c36a0136d82f4b8eac4c582e977
Jadtre
4b5576b5ef3ce9f15bb1bee3afd33b26d9c76ed8e1da6ea7714b0bef0cc517ef
Jadtre
65f21c6260515856005b436a7f3c038b7cc66de3084fcc6b7ae948b0d0e1ce02
Jadtre
a1077c1a9ace62cc4aa612258ee591b369e48b0c4daacfc37cfa7805df526954
Jadtre
b315fdf60e3f9555e61099ba4ac3bbefdd8a1b83b4899cfd11db1d68e7e7da81
Jadtre
b52b4af0d8841f5790b0d12c20eed7ef85007a5d340be52682cc07a5b45d2a0c
Jadtre
e2f050c0a7d2474b8539a02104bce8c2d895b1653180873e82d9c630fbc1db6c
Jadtre
e9bf65f9d280087ba75f00dcb5dda0f44d84769217a1524cbb6a85bf973207b7
Jadtre
+ 1'510 additional samples on MalwareBazaar
Unpacked files
SH256 hash:
51a94ee58fbd0c2a1638b8d60af89d9112625879f4b670f33712e1bfe25f1b6b
MD5 hash:
e348844eb6fcf8173315f483e9033e2d
SHA1 hash:
6aaef6599460db8195af65e3b21e434073849286
Link:
https://www.unpac.me/results/7621d41e-bbd5-436d-8297-58c10ddc46c8/
SH256 hash:
6a872d02b0e8db01e10c843d0880e0cbb91f8c7062ab68e3fc92188e42142856
MD5 hash:
3a49ee5ab6e49f93f1509acd6ab2248f
SHA1 hash:
f3af23affa54806845540f101766904139b26e12
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/7621d41e-bbd5-436d-8297-58c10ddc46c8/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments