SHA1MediumSignal 29/100
ded5c06cf21d2b93bffd5d884aa6e96934ee4234
First Seen
Apr 17, 2026
Last Seen
Apr 24, 2026
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
29%
Signal Score
29 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
2 reports29% confidence
2
Source reports
29%
Confidence score
Category tags
file-hashgettickcountgui coverindicatorinlinejitterdroppermsvcmsvc windowsresearchedrustsleept1055t1104t1105t1106t1127t1140t1497.003threat actortor nodevariantvariant iividaryaraziexzrywwge
Activity Timeline
Apr 24Apr 24
Threat Activity Heatmap
· Peak: 2026-04-24LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
29
SIGNAL
Signal Score
29%
Confidence
2
Reports
First seenApr 17, 2026
Last seenApr 24, 2026
VirusTotal
Not checked
WHOIS
- description
- JitterDropper is a new Windows dropper written in Rust and MSVC, identified in development since March 2026, with multiple builds analyzed across two main variants. The first variant embeds a payload within its .rdata section, utilizing a multi-pass decryption process to produce a Donut shellcode loader with an embedded Portable Executable (PE). The second variant features a more compact stager that downloads a 122-byte encrypted shellcode blob from http://pixeldrain.com, decrypting it with a single SSE-32 repeating XOR key. All builds are compiled with the consistent Rust 1.92.0 MSVC toolchain.
- references
- IOCs.2026.csv, https://research.openanalysis.net/jitterdropper/dropper/rust/srdi/donut/pixeldrain/2026/04/13/jitterdropper.html
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 month ago · Last seen 1 month ago
Appeared in 2 threat reports