MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51b20c6974cdf878e853c943e3c7ab2c703e90e6107bfc050aa26be50b1cdeeb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jadtre


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51b20c6974cdf878e853c943e3c7ab2c703e90e6107bfc050aa26be50b1cdeeb
SHA3-384 hash: 99604b7cdd219c08d7c19918c97afcd4720e05bf857ff4b1d6c789ef61a568037567e115a2d701a461dd9157266342ee
SHA1 hash: 1b7c3033c8c148429e360319b4a3af036ef43b47
MD5 hash: a857b28b32c5693a5bb5fcc72d2e4deb
humanhash: salami-montana-oxygen-alpha
File name:ad54001875c0792ba27f035517484c40
Download: download sample
Signature Jadtre
Create hunting rule
File size:27'136 bytes
First seen:2020-11-17 15:59:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:ed5u7mNGtyVflwUQGPL4vzZq2o9W7GtxtaYH:ed5z/fl6GCq2iW7l
Threatray 1'583 similar samples on MalwareBazaar
TLSH 6CC2D073CE8084FFC0CF3432208522CB9B135A7295AA6867A750981E7DBCDD0DA7A753
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Vtflooder-6260355-1
Create hunting rule

Win.Malware.Cerbu-9789017-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Sending a UDP request
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Wapomi
Create hunting rule
Detection:
malicious
Classification:
spre.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/540942
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Binary contains a suspicious time stamp
Detected unpacking (changes PE section rights)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Wapomi
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/51b20c6974cdf878e853c943e3c7ab2c703e90e6107bfc050aa26be50b1cdeeb/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 16:07:38 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0546d43d99c02514969b3f387704b91a9b133d2dcd978f733959af595de38fbb
Jadtre
213b781613577fb83652b042e7b75c03ba36ba4741ce87a927f0b755ea326ed7
Jadtre
4a71c947c491f0679642b7f52c1fb8311a787be8428a570c90218c465111b158
Jadtre
83f83dbbd3e0f1d6e60041c0f34a9fb657aa22ebf50a68b1dbb8a9944760514a
Jadtre
841371e672a2ddda66027fcd85d51d11db6b1a6fb68d6b7c9010f4c29745b2b4
Jadtre
d88eeeea2cef3b6440b95b731a0804a707cc4ff519e4ffbde5edd648cba2bbc5
Jadtre
e0758da8c84aded32f0022eb0dea2bc32fb378fcf0337d3ced1f6ccbba8b554a
Jadtre
eb9fb8bcf4bc8b463d0e9a2c3ef47a75f28ff6ba688dd496e12fe6d7ef14ab69
Jadtre
f386fd06d5db6a888887954c1ebd173c457c63b05ee4e8f3385df43c2ec182cf
Jadtre
f842d337370d985e4fd0d973236e114a3225561ceeb1c29e54c7ecc9954ba641
Jadtre
+ 1'573 additional samples on MalwareBazaar
Unpacked files
SH256 hash:
51b20c6974cdf878e853c943e3c7ab2c703e90e6107bfc050aa26be50b1cdeeb
MD5 hash:
a857b28b32c5693a5bb5fcc72d2e4deb
SHA1 hash:
1b7c3033c8c148429e360319b4a3af036ef43b47
Link:
https://www.unpac.me/results/f85b8648-4677-4409-b962-de7fdb371377/
SH256 hash:
6186494dc3ca5962e686699d8b1f435b5b2240d3d27bf43488b124d5e4144ed3
MD5 hash:
cfbfc8ffd11452ea6665eb0f5abfb4bd
SHA1 hash:
f09213e6e18aa91a5eb4f9f2962bc90190fc4550
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/f85b8648-4677-4409-b962-de7fdb371377/
SH256 hash:
4d5d941c281dc2b2c7297318eb73d953e3b36d73ae12709a4b5eeef59c2d0c84
MD5 hash:
c6c08b3c3852d80ca6144e9affb308ec
SHA1 hash:
0679af101972747bb6f024c43b981353a297cee5
Link:
https://www.unpac.me/results/f85b8648-4677-4409-b962-de7fdb371377/
SH256 hash:
d6c1b572807c32145f3f4400c5c8997e285496787fb19806da5584fbb9cf68cb
MD5 hash:
229bc462f14c005ee6cc63d3f61be3dc
SHA1 hash:
9f0e8ae657fb1d63c825126ae8f3865c48e0fa10
Link:
https://www.unpac.me/results/f85b8648-4677-4409-b962-de7fdb371377/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments