MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60fba1773c47c85582195e4c9e803332189273f45ac96b1417221493af0d0158. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jadtre


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60fba1773c47c85582195e4c9e803332189273f45ac96b1417221493af0d0158
SHA3-384 hash: 563f225195ff7942cd06372b8ffe2b01fac1d2c4727b6f5e672c62b5169d7c2a8f520836bc7c60b962f2fa2abe3a7ba3
SHA1 hash: c7c23fe336cc29edb4667790e00cedd9e762c508
MD5 hash: 67d2ca878039b20cbfec626ba7c65e9c
humanhash: papa-music-triple-floor
File name:afe94cdf67b32768f57bcc16b2a7685a
Download: download sample
Signature Jadtre
Create hunting rule
File size:27'136 bytes
First seen:2020-11-17 15:55:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:Ud5u7mNGtyVfjh5qQGPL4vzZq2o9W7G8xiNa:Ud5z/fjTJGCq2iW70
Threatray 1'506 similar samples on MalwareBazaar
TLSH 49C2D073CE8080BFC0CB3032204521DBAB575A72556A6867A750D81E7DBCDE0EA7AB53
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Vtflooder-6260355-1
Create hunting rule

Win.Malware.Cerbu-9789017-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Sending a UDP request
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Wapomi
Create hunting rule
Detection:
malicious
Classification:
spre.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/543351
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Wapomi
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60fba1773c47c85582195e4c9e803332189273f45ac96b1417221493af0d0158/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 16:04:50 UTC
AV detection:
26 of 28 (92.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1521f6e2490875d21f8f0049a0d600517c694f02b3630ecf81083cdbc07ecfa4
Jadtre
157f768fd503eac6efc60300babf1b9651dd55e4c16187857be99fab55980a71
Jadtre
1fe1ba74e453a8612ad5681fc0f0592744ad68e1c858dea487550a2467bdb5dc
Jadtre
305091e778a0f55ba91eb5bf8f601ded7072c3816609980ffe63f233e673caf8
Jadtre
352c06938c2d7ecde047d8c4c570d297a9d4e07763d23bb02c214bcb6365a450
Jadtre
3689e80c25e9a4f90db62a86f8a2244d0d33075cf4c0e1bba3397a0dfad10692
Jadtre
3ebf5bddb473da496d17808633741a25fe2deadcbcfbb2e84c05fa8e7c6cbbd1
Jadtre
52a8b0bf8f46c61d1fe9f9beec00ec18323c69a8669927a337cbf221fd6f0cc0
Jadtre
9d73819e5b87587bdb019345ee1c3f4c74f6fbc6ec594644091cf438ac6b1610
Jadtre
e2f050c0a7d2474b8539a02104bce8c2d895b1653180873e82d9c630fbc1db6c
Jadtre
+ 1'496 additional samples on MalwareBazaar
Unpacked files
SH256 hash:
60fba1773c47c85582195e4c9e803332189273f45ac96b1417221493af0d0158
MD5 hash:
67d2ca878039b20cbfec626ba7c65e9c
SHA1 hash:
c7c23fe336cc29edb4667790e00cedd9e762c508
Link:
https://www.unpac.me/results/f9ce92c1-3308-4103-8a6d-1b3733abfe5a/
SH256 hash:
c19b6ca7eab862b0089398e332b5f4d1974c2d74a183661ea29cc8325a6f6d48
MD5 hash:
476cf610bebd75fc584f84258cef1127
SHA1 hash:
c271de375710c4fbbeebee9e2fc84c29862a0b1e
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/f9ce92c1-3308-4103-8a6d-1b3733abfe5a/
SH256 hash:
76e265d823a668a83e457b3a851793eb8d0d2c168aa4f9307ff9f46aa458c189
MD5 hash:
127e3c1b9491f6b5ebc62e05e0a8d57c
SHA1 hash:
c5f50988cbbec714d505426af7761d4a0aa215d2
Link:
https://www.unpac.me/results/f9ce92c1-3308-4103-8a6d-1b3733abfe5a/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments