MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 554a9cf9a357f85bd6001c02fc19b8fa3d9154a34c9f9b61e7d7a582e5c0f3fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jadtre


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 554a9cf9a357f85bd6001c02fc19b8fa3d9154a34c9f9b61e7d7a582e5c0f3fc
SHA3-384 hash: 255213d040d0d7c1a87eb92d767a64afa6587cef07837145a5a5ee99c7aa7874b3a628224cba1d69f4e50ce6a017aa79
SHA1 hash: 3c39b28e6ba2b3872415ec3a3098be1eff0563f8
MD5 hash: d84392614de2f7d780f58b894af9e5c1
humanhash: crazy-kansas-king-eleven
File name:aa27c86d327bf134b7f649e0fd695cfa
Download: download sample
Signature Jadtre
Create hunting rule
File size:27'136 bytes
First seen:2020-11-17 16:00:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:8d5u7mNGtyVfjG9QGPL4vzZq2oZ7GTxOrV8:8d5z/fj9GCq2w7H
Threatray 1'581 similar samples on MalwareBazaar
TLSH 79C2D072CE8080FFC0CB34722085228B9B575A72657A6867A710981E7DBCDE0DA7A753
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Vtflooder-6260355-1
Create hunting rule

Win.Malware.Cerbu-9789017-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Wapomi
Create hunting rule
Detection:
malicious
Classification:
spre.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/540806
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Binary contains a suspicious time stamp
Detected unpacking (changes PE section rights)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Wapomi
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/554a9cf9a357f85bd6001c02fc19b8fa3d9154a34c9f9b61e7d7a582e5c0f3fc/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 16:07:54 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1dbf0bbdeea985fa7802acd1cf00b8bd71e614971b9ba0e55a6585bdc3901987
Jadtre
37800c0fa4751dd361cdb1fa390845fd7bda1a4259ef0c5fed79e519996a6b60
Jadtre
43bc46875b5bdd4682bf3d2effc1da13207713542f97279a90f41b64094b79b7
Jadtre
788d1a8ffb20f900399dc3f304155ef592a3cccb75741a65f41718fd5e70ae89
Jadtre
7bd5d82c20547b3fd3aeffb92d73dc43556ab30b6202cc9fba9628dd85f1acc6
Jadtre
856e7b28f3b675bc82a6d0a3d549bf5b6f22513b17669a3e1dbe37dbce39c3ea
Jadtre
88a05bcbca656879186989163995f33d0d6a5db712acd52bdefa51529d15b30c
Jadtre
d42bdfdf3f7fd400bc5a5a43e3b4d56284d89b67cb81789b357fef38d3f8486e
Jadtre
d96c235d59988da354ebcf8ffa90ed6dec7fae3bb5685d45b6c5a09a295f57c7
Jadtre
f5ff5aa00b775b3e0744d196f93f8444c84a3bb0fcd37bfa77a51cd404011cea
Jadtre
+ 1'571 additional samples on MalwareBazaar
Unpacked files
SH256 hash:
554a9cf9a357f85bd6001c02fc19b8fa3d9154a34c9f9b61e7d7a582e5c0f3fc
MD5 hash:
d84392614de2f7d780f58b894af9e5c1
SHA1 hash:
3c39b28e6ba2b3872415ec3a3098be1eff0563f8
Link:
https://www.unpac.me/results/64796369-5a0a-4b1d-a4ab-98a6ea093d93/
SH256 hash:
61851dea1c387a651f222a8c73ed50ca10d92e7252f0eb9fd6818812e52bc569
MD5 hash:
6ddf32290a8de1666fc14451382911bc
SHA1 hash:
6a00c1eb1455df13b9b61301767f1e0ed530e8db
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/64796369-5a0a-4b1d-a4ab-98a6ea093d93/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments