MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8554e471a472d7b9ed789cd954e5a74d97b4820b7ff1e800e132576a8126d6ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Jadtre


Vendor detections: 6



SHA256 hash: 8554e471a472d7b9ed789cd954e5a74d97b4820b7ff1e800e132576a8126d6ba
SHA3-384 hash: cb19e92d4dcc57cb47c5daf5a9c394e8ccea4ba2c668fd4726dcb91084e5a1d8793d0b2fc5bce327ffbb30bd304ff6bb
SHA1 hash: 67620e06fbeb134940be709b86aa412a7ddea758
MD5 hash: 2e37ba51a7368c8a8763f51bc42c8f7c
humanhash: yankee-minnesota-social-charlie
File name: b2cfc8323c1b4b35b1e0fcb1fe55661a
Signature Jadtre
File size: 27'136 bytes
First seen: 2020-11-17 15:03:39 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:Dd5u7mNGtyVfvASfQGPL4vzZq2o9W7GmxDbma:Dd5z/fvV4GCq2iW7j
Threatray 1'200 similar samples on MalwareBazaar
TLSH 8DC2D0B2CE4084FFC0CF3432208522CBDB575A72656A6867A710981E7DBCDE0DA7A753
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
DNS request
Changing an executable file
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Virus.Jadtre
Status: Malicious
First seen: 2020-11-17 15:15:55 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Unpacked files
SHA256 hash:
8554e471a472d7b9ed789cd954e5a74d97b4820b7ff1e800e132576a8126d6ba
MD5 hash:
2e37ba51a7368c8a8763f51bc42c8f7c
SHA1 hash:
67620e06fbeb134940be709b86aa412a7ddea758
SHA256 hash:
fa8ff95204849d3ae846cd8dd46d06288b217c28ecd27dffb45984e42637cfb7
MD5 hash:
cd02537e2cdf7cf07f9c5c25b3e99c1f
SHA1 hash:
23f0e857e7e5c7e488d14080677949085250b412
Detections:
win_unidentified_045_g0 win_unidentified_045_auto
SHA256 hash:
7ebb4a4e216fb1028bb2804386e09347c3fe892e8ef2fedb3ce063eff57015c2
MD5 hash:
032accf86160eeec99bfa73b251750a9
SHA1 hash:
255172ac4bcc499655365674d39571cc3f1ac131
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
