MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8386da345c724e6ff79281b60826a4e86d507cfa5e3014e42d872bbc540b75a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jadtre


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8386da345c724e6ff79281b60826a4e86d507cfa5e3014e42d872bbc540b75a
SHA3-384 hash: 75e0f982aab6375218804e981bbd709c9bfb2d598e88385172892eed9e242b27ef8de12d59f2987007079a42fa52a5b1
SHA1 hash: 8fd68bdbfcc4c452643bbecf4f4e70bc23a35397
MD5 hash: 14016fc2beb738f9096d18b23231e34a
humanhash: autumn-kitten-montana-eight
File name:b2cb536966e29f17ad64e0616641d5c1
Download: download sample
Signature Jadtre
Create hunting rule
File size:27'136 bytes
First seen:2020-11-17 15:54:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep 768:/d5u7mNGtyVfhrjQGPL4vzZq2o9W7G0x975j:/d5z/fhgGCq2iW7b
Threatray 1'576 similar samples on MalwareBazaar
TLSH 03C2D0B3CE8090FFC0CB3432204521CBEB575672A5AA6867A740981E7DBCDD0DA7A753
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Vtflooder-6260355-1
Create hunting rule

Win.Malware.Cerbu-9789017-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Wapomi
Create hunting rule
Detection:
malicious
Classification:
spre.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/543488
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Binary contains a suspicious time stamp
Detected unpacking (changes PE section rights)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Wapomi
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b8386da345c724e6ff79281b60826a4e86d507cfa5e3014e42d872bbc540b75a/
Threat name:
Win32.Virus.Jadtre
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 16:04:35 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0426a7885af4f058abc779ed754e5513894497fab382ecaf31d9817ecba50382
Jadtre
06f934254fc9cfbd0eb62cf8836b762c600a73d8fd659252b6d6c4116d9ad803
Jadtre
08a31969110b67ca172f37a6cddaa7811e1d78ab6bef6ce9298c83af54733962
Jadtre
30469c341c520a950a72eb6590a9a3b85c488bcab06a186ffedafc46f0b406c8
Jadtre
308c9b77ee95ff95013bba01aa2ed7f8c588139ca3660a7b724f9694af1fbeba
Jadtre
35d6d1f6067d4ba1d1e106da05673040572e68fda412bb63049a0dbf5054b812
Jadtre
4197b94f56bb9c7297b4db213a976ba22148ef828cc4fa376d97efa3b64f61cf
Jadtre
47244def32829cff70e708ce99b13caf4a114c36a0136d82f4b8eac4c582e977
Jadtre
eb2c17387c25b330314195ff4f6468a8f3deec2fd59c292978000113ef167265
Jadtre
ed07f4f1dad6c3b7fa22fbde88009ebe6c8da924dac27aef920ab3a980f260f8
Jadtre
+ 1'566 additional samples on MalwareBazaar
Unpacked files
SH256 hash:
b8386da345c724e6ff79281b60826a4e86d507cfa5e3014e42d872bbc540b75a
MD5 hash:
14016fc2beb738f9096d18b23231e34a
SHA1 hash:
8fd68bdbfcc4c452643bbecf4f4e70bc23a35397
Link:
https://www.unpac.me/results/7423192d-7c3c-4169-be7f-b5795800de23/
SH256 hash:
df2192ceec3a21f199b593b40d427e7409dfd9d5be4eaa7b2a9cc00f96429c91
MD5 hash:
5df409421fe27c608c221e3991e96f30
SHA1 hash:
f5415069930b7876ac980a56db319486791b5061
Detections:
win_unidentified_045_g0
Create hunting rule
win_unidentified_045_auto
Create hunting rule
Link:
https://www.unpac.me/results/7423192d-7c3c-4169-be7f-b5795800de23/
SH256 hash:
d52d5b667a9940a34529c25f15756e07166f115196539cd435918ce657e72c6f
MD5 hash:
8efa70d0a51821b2bfeee4c5351cbbda
SHA1 hash:
5f30c1d1c5577359881ba5a77b04e2c053689d4c
Link:
https://www.unpac.me/results/7423192d-7c3c-4169-be7f-b5795800de23/
SH256 hash:
9550bd234127567623395b191310839c4cb5f6527de1354e4f5a412d65f3b239
MD5 hash:
e03919065f4fb340c2a191cd404f7b54
SHA1 hash:
b82afac774b8a17b5925b0ffe649e358974045f4
Link:
https://www.unpac.me/results/7423192d-7c3c-4169-be7f-b5795800de23/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments