MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8c0c99165349c62293d6acbb5b6af5665029cefeb0474d74c9200b2f385109d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Jadtre


Vendor detections: 5



SHA256 hash: b8c0c99165349c62293d6acbb5b6af5665029cefeb0474d74c9200b2f385109d
SHA3-384 hash: a17d098df6c8bf493fad6bf83ab7a61a425e3eabd4b7e87c7ac1004cf232484864a18530db37bb0ca3f3a5792e5d49d3
SHA1 hash: 128df6f8004b1bc38bc61ce5281bdfcc7fc869ac
MD5 hash: 0464022715bde2fc9d6786c55cb250fc
humanhash: mobile-freddie-hamper-nebraska
File name: b224e83423a06f21fb140d71659a4a74
Signature: Jadtre
File size: 27'136 bytes
First seen: 2020-11-17 14:04:28 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep: 768:Sd5u7mNGtyVfx7qQGPL4vzZq2o9W7GgxuIxo:Sd5z/fhJGCq2iW75
Threatray: 529 similar samples on MalwareBazaar
TLSH: B7C2D073CE8080FFC0CB3472204522CBAB135A7255AA7867A750981E7DBCDE0DA7A753
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Threat name: Win32.Virus.Jadtre
Status: Malicious
First seen: 2020-11-17 14:05:17 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Unpacked files
SHA256 hash: b8c0c99165349c62293d6acbb5b6af5665029cefeb0474d74c9200b2f385109d
MD5 hash: 0464022715bde2fc9d6786c55cb250fc
SHA1 hash: 128df6f8004b1bc38bc61ce5281bdfcc7fc869ac

SHA256 hash: c01b6071912ddbe61009bb76d78cebe31c8e1382205000d6027b42b29070edd2
MD5 hash: 716aa8690bea4d1e1c2a930efe9a255a
SHA1 hash: e9d731f1d34dd0fa2557e2bdc6875d12e2d10429
Detections: win_unidentified_045_g0 win_unidentified_045_auto

SHA256 hash: e9f8018f0d76059c619290befa25e6b55762ba8bf92a86b839db54140ff54240
MD5 hash: 3ba7962c1923e7741e578cc0a625b9b8
SHA1 hash: 4119177e1d043c0bf7573013899ba6845e88a95d

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments