MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2c184982b1a8f34a7d394071a9b8a3c45f4d0b3c54daeeebff50ad77ed00efd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Jadtre

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	c2c184982b1a8f34a7d394071a9b8a3c45f4d0b3c54daeeebff50ad77ed00efd
SHA3-384 hash:	4e62884b6f5766b8689a5cbd0b70d05570b5996d6ddaa4df5dbffc98d824836399ba2bf025a2c895d498f4c4895d9a13
SHA1 hash:	6c1239234850f4f972913c52000912f66d2ba7da
MD5 hash:	b680f3c410e206eb5683164bbffd85e9
humanhash:	muppet-spaghetti-bravo-skylark
File name:	af1b8c19f7c0da15989b51a8fb6fad38
Download:	download sample
Signature	Jadtre Create hunting rule
File size:	27'136 bytes
First seen:	2020-11-17 15:13:34 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep	768:Yd5u7mNGtyVf8gQGPL4vzZq2o9W7GMxLkN:Yd5z/fuGCq2iW7B
Threatray	1'143 similar samples on MalwareBazaar
TLSH	5FC2D073CE8080FFC0CB3472204522CB9B535A7265AA7867A750980E7DBCDE0DA7A757
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Asprotect-3

Win.Malware.Vtflooder-6260355-1

Win.Malware.Cerbu-9789017-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a file in the %temp% directory

Creating a process from a recently created file

DNS request

Creating a window

Changing an executable file

Connection attempt

Sending an HTTP POST request

Modifying an executable file

Creating a file

Running batch commands

Creating a process with a hidden window

Connection attempt to an infection source

Infecting executable files

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c2c184982b1a8f34a7d394071a9b8a3c45f4d0b3c54daeeebff50ad77ed00efd/

Threat name:

Win32.Virus.Jadtre

Status:

Malicious

First seen:

2020-11-17 15:22:18 UTC

AV detection:

39 of 48 (81.25%)

Threat level:

5/5

Verdict:

malicious

Unpacked files

SH256 hash:

c2c184982b1a8f34a7d394071a9b8a3c45f4d0b3c54daeeebff50ad77ed00efd

MD5 hash:

b680f3c410e206eb5683164bbffd85e9

SHA1 hash:

6c1239234850f4f972913c52000912f66d2ba7da

Link:

https://www.unpac.me/results/6fae5798-fc24-4527-a1a6-b75f1f761a3c/

SH256 hash:

8481c43c050052eddc8c6ed555a1fb2038e0df6bd4324208c403c3c9f29efcb6

MD5 hash:

ae0e3f31f18f0b9075357c3732e269b6

SHA1 hash:

cc20b5cb821a2a88cab4fcc92ef54b7a9020000f

Detections:

win_unidentified_045_g0

win_unidentified_045_auto

Link:

https://www.unpac.me/results/6fae5798-fc24-4527-a1a6-b75f1f761a3c/

SH256 hash:

6f9090e6c91bbcef3cf98c4a7078afa6bbccc94bc417c5296a9418a20d96b84a

MD5 hash:

052dcb636aa00244ec16a252465d0db4

SHA1 hash:

3ddb4929c10c9e218d4bc10b26a343e65e60754d

Link:

https://www.unpac.me/results/6fae5798-fc24-4527-a1a6-b75f1f761a3c/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample