MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60cfe61240080b0a02bd189283599b96eac16dfd3ff6f0a4eb9b4b94d66fd5b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jadtre


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60cfe61240080b0a02bd189283599b96eac16dfd3ff6f0a4eb9b4b94d66fd5b7
SHA3-384 hash: 6f9ae1829719b4cc6c707e90e9ac510019032c584b3f06345ee63d112aefcf9ea58d2e7fa6509405a703b0fce22d2f19
SHA1 hash: 2ce920e66d4d263df6576327f5c3848f93061059
MD5 hash: 4acf59f60bc455ae531c3d0d6ce5c59c
humanhash: batman-twelve-chicken-lactose
File name:b242eb9409b7464202653305f18eccc7
Download: download sample
Signature Jadtre
Create hunting rule
File size:27'136 bytes
First seen:2020-11-17 16:03:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:fd5u7mNGtyVfhzTQGPL4vzZq2o9W7GUxssB6:fd5z/fhAGCq2iW7v
Threatray 1'575 similar samples on MalwareBazaar
TLSH 25C2D072CE8080FFC0CB3472208521DB9B535672A56A7867A750981E7DBCDD0EE7A753
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Vtflooder-6260355-1
Create hunting rule

Win.Malware.Cerbu-9789017-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Wapomi
Create hunting rule
Detection:
malicious
Classification:
spre.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/540189
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Binary contains a suspicious time stamp
Detected unpacking (changes PE section rights)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Wapomi
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60cfe61240080b0a02bd189283599b96eac16dfd3ff6f0a4eb9b4b94d66fd5b7/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 16:09:55 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
47244def32829cff70e708ce99b13caf4a114c36a0136d82f4b8eac4c582e977
Jadtre
56f489a71e216c6d1e8528a10bdf5797539ad0282b80e07b289dbec5802cd930
Jadtre
57c8f45380c88265809d43b2df1089ab41fb406f72b166268bda41c1db83f8c0
Jadtre
5e8e396ef1277d43a478398dc41399a7c7ce4c678a5d84c67bd6658a51696b7f
Jadtre
87166e2e9a50ee4e945718788e016556d6c2ee62956c3c5b991e56873decbbf9
Jadtre
9d02c287ee389a868bcd34c133888d1d9209826873cdae03b18d6470ae75a435
Jadtre
a401ae6c45994cfaa945fa0ae85e5fb7649005e6d95f12736b452596697253e1
Jadtre
b31e66544800c0c323ab75dc813bab7cdac87a5687256e38e394f1c6bb67e146
Jadtre
be9d8abd7469f82835dfeefb5e0843d2de18272e86be22128017a7b8167c2b96
Jadtre
dd40feb2743434d29804a964a60e21b00756111c7fb0d16a87ad4a9255428735
Jadtre
+ 1'565 additional samples on MalwareBazaar
Unpacked files
SH256 hash:
60cfe61240080b0a02bd189283599b96eac16dfd3ff6f0a4eb9b4b94d66fd5b7
MD5 hash:
4acf59f60bc455ae531c3d0d6ce5c59c
SHA1 hash:
2ce920e66d4d263df6576327f5c3848f93061059
Link:
https://www.unpac.me/results/3929d14b-9cee-4ed9-877c-8739b7adf2a2/
SH256 hash:
273634c20b3def96b51a9652741662dcd8d3514b645711a5262ce75239aab18a
MD5 hash:
5a8737ea48231df55e5ebd7e494c559a
SHA1 hash:
bc162d74c4a0203d6fe752164137b737e3106bf7
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/3929d14b-9cee-4ed9-877c-8739b7adf2a2/
SH256 hash:
fa6e6d5d3e6f079032c33b430635a322989020a2700abf5f9b9b3fa5cccf6cdf
MD5 hash:
3256fca5071b1deb9466b99e6ce8bc95
SHA1 hash:
f3af8d898d88ca48e63e7917f4bcff8f7f5ad015
Link:
https://www.unpac.me/results/3929d14b-9cee-4ed9-877c-8739b7adf2a2/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments