MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52a498f0686d5c4aff5b7c242080448b7d0f89512c9401254a9960ccef4ee061. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jadtre


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 52a498f0686d5c4aff5b7c242080448b7d0f89512c9401254a9960ccef4ee061
SHA3-384 hash: e45e65921721234e8253219d7367c7f1e367432ebd7844fd47c3464aa22b899e3e88c27a4124286659a2b48ac6db7584
SHA1 hash: 5e96ce716ed67d4459010f6826a77af44a0d9542
MD5 hash: da09b475db8cc19c5f0ed61ba4afdbb0
humanhash: mississippi-moon-early-hotel
File name:adf2471b41624fbff08823f3718aefa6
Download: download sample
Signature Jadtre
Create hunting rule
File size:27'136 bytes
First seen:2020-11-17 15:55:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:Bd5u7mNGtyVfHQQGPL4vzZq2oZ7G2xXVC:Bd5z/fbGCq2w7n
Threatray 1'512 similar samples on MalwareBazaar
TLSH BCC2D072CE8080FFC0CF3472208522CBAB535A7255AA6867A710D81E7DBCDD0DA7A753
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Vtflooder-6260355-1
Create hunting rule

Win.Malware.Cerbu-9789017-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Wapomi
Create hunting rule
Detection:
malicious
Classification:
spre.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/543338
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Binary contains a suspicious time stamp
Detected unpacking (changes PE section rights)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Wapomi
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/52a498f0686d5c4aff5b7c242080448b7d0f89512c9401254a9960ccef4ee061/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 16:04:53 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
072c10e75caac5dbe97a63f411530d54f22ace9ed066f012b47dd6bbae486fe9
Jadtre
11f6ffbf034ee9e2115222e2f2f1e53da05f25678d352e4122277053ba0a4822
Jadtre
480a5430396cebcc2d332a2794404fdfcfb35745f21902140ecaca357032b723
Jadtre
86051d318ae659f8265007a96ca0e5951cda1a8981399e524bb44397465e40ab
Jadtre
8fe5c527e58998765edf1003cfa2a845f294c27a235aa0b160d4df29e9efde2a
Jadtre
a18a4ce7f442cb7449a3421874eba2b95f549f2af2d8f722954f01ddfc18f47d
Jadtre
aa30a61a97760afd8934709879b92d2c64a9d9008ccf406c7fc4befe417c28b5
Jadtre
c4a24f1a94961ff296a9f67f62bba564e38f00a3533bd0540009c6108632be22
Jadtre
ee9dbae96c7631f6157c489785f175705338303b915d574425037c57c440f6fa
Jadtre
fee5041b8b2be64b4a223479773c5bcc214fc19dbc4e1c1b77b79dad05482ad3
Jadtre
+ 1'502 additional samples on MalwareBazaar
Unpacked files
SH256 hash:
52a498f0686d5c4aff5b7c242080448b7d0f89512c9401254a9960ccef4ee061
MD5 hash:
da09b475db8cc19c5f0ed61ba4afdbb0
SHA1 hash:
5e96ce716ed67d4459010f6826a77af44a0d9542
Link:
https://www.unpac.me/results/bb1ea439-38cf-48f8-b016-7312cae299d8/
SH256 hash:
e9b9a34b110186d91740839ffeecb8f276c29f2caea40914a49b67b32e6d664a
MD5 hash:
f9d89a759a4fa55390d30a9b6d56d3ea
SHA1 hash:
acb5cfe3fd29958a5ddccaf09b2c618ccf5b2a6e
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/bb1ea439-38cf-48f8-b016-7312cae299d8/
SH256 hash:
8c8ee1d10160fe5077a1646f3e0d1e614480c7e899948be3faf635d9207f46bc
MD5 hash:
443b69b4f1b06d8311b865feb0853b7d
SHA1 hash:
f7594e7fce475fdd9cf7d997add94394cbf5b743
Link:
https://www.unpac.me/results/bb1ea439-38cf-48f8-b016-7312cae299d8/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments