MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b123e1fb217e9f8c451e8ce36e640108bd553a927312e80e3ae77cbc606ac693. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Jadtre


Vendor detections: 6



SHA256 hash: b123e1fb217e9f8c451e8ce36e640108bd553a927312e80e3ae77cbc606ac693
SHA3-384 hash: 1eee13dbefb39bb3559490b720a885a1a1bcaa17138be91d4bb55e359ff5d3583052b06ab1fc9affefb0bc6e5166d37b
SHA1 hash: b725afac5402debf0eb8835c18ca69e49a7f40c0
MD5 hash: b929f4d2e258a73c7f8f0bd2f7243fb9
humanhash: shade-earth-sink-fanta
File name: b1321ec5ccd2b2d3d44ee97095030119
Signature Jadtre
File size: 27'136 bytes
First seen: 2020-11-17 14:35:46 UTC
Last seen: Never
File type: Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:Td5u7mNGtyVfjs+fQGPL4vzZq2o9W7GTx+edm:Td5z/fjx4GCq2iW74
Threatray 1'317 similar samples on MalwareBazaar
TLSH FEC2D0B2CE80C0FFC0CB3432208522CB9B535A7255AA7867A750981E7DBCDD0DA7A753
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Sending a UDP request
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Virus.Jadtre
Status: Malicious
First seen: 2020-11-17 14:36:23 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Unpacked files
SHA256 hash:
b123e1fb217e9f8c451e8ce36e640108bd553a927312e80e3ae77cbc606ac693
MD5 hash:
b929f4d2e258a73c7f8f0bd2f7243fb9
SHA1 hash:
b725afac5402debf0eb8835c18ca69e49a7f40c0
SHA256 hash:
714a2bb220fad1dc924d6596934536df5bef9c6686b4a481b25940ec98a431ea
MD5 hash:
b101f966fc18a2f3e7dfbffe20198e79
SHA1 hash:
67c842a3a87ceb5f028b7c112f07ed1e553caf87
Detections:
win_unidentified_045_g0 win_unidentified_045_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
