MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10cf748693a03e95d4f2efab81757ec3ad3905129e84b7dc8c491d9e5fbb550e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 10cf748693a03e95d4f2efab81757ec3ad3905129e84b7dc8c491d9e5fbb550e
SHA3-384 hash: a5e379567977f06563584fb1f84d9747c696e631563b608fea9016f936bcfa8b76160334617785308fc99a2e6a1b111f
SHA1 hash: b23060ce2583c89a4ab5bc690e3a7facab8912e9
MD5 hash: 2c7c0d6d1c2980b395f79bb37350ca01
humanhash: quebec-comet-west-wolfram
File name:Order Inquiry 2020067-POD Engineering.scr
Download: download sample
File size:1'255'424 bytes
First seen:2020-06-11 06:23:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 70411d486e9bd9bdaaf2d4939bbd54bc (1 x NetWire, 1 x FormBook)
ssdeep 24576:iaXcbtJOhBn2j4byGtIW3ngjlZoooooooooooooooo:iaXqO2sbyVxZoooooooooooooooo
Threatray 75 similar samples on MalwareBazaar
TLSH 9B456C22B7914C33C1331A3DDC5B9679E82ABE511A24A8C62BF83D789F75341392D1B7
Reporter abuse_ch
Tags:scr


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.etclbd.com
Sending IP: 27.147.151.99
From: POD Engineering & Trading <yumi.tan@podengineering.com.sg>
Subject: Order Inquiry 2020067-POD Engineering
Attachment: Order Inquiry 2020067-POD Engineering.img (contains "Order Inquiry 2020067-POD Engineering.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Remcos
Create hunting rule
Link:
https://www.capesandbox.com/analysis/8922/
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 06:25:10 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cdhxjbutua7jlvhs56vyc5l6yowtsbist2clpxemjeoz4x53kuha._file
Verdict:
malicious
Similar samples:
36abbef320573be77f282a10faa2413d38710d336ab7c61eb31a8f0ee572f6f6
397545efcbf53bebabdb003bbe9f8b619b7ffdd5383c21ecd9e99c6de3e3cd83
40e95520d719a9c3277c76b42124de197dc391210b1053fa505897838dcdcb90
5e499f9a72195ce2d1d2e0ca6dffbacc880ae5bc0847ea03e65060c993e35146
862b45e2c98a175f625797db1d3342e0d9dc35b79e3386deb42c06b1918867d9
99ebd29c10ab0e9063fbec9966f1be56986d6c74630fb251baab26988aec93cd
9dbdec587ca0c7713c3b5bb6e95803937226529b3b4515df219a8860cecfe76d
a6f0c8a174b516c26adcb179c3c902e2669a3843ad14e32cbd60958ad8604e7c
bcb474ac919440674135c673d8c6a0fc8015a63a15b2849c3346f74a716b5249
f2c4b98fdadf7b1fec173ed6493daaaf1dbb13d8d659a73d9a6b494f32a750fb
+ 65 additional samples on MalwareBazaar
Result
Malware family:
modiloader
Create hunting rule
Score:
  10/10
Tags:
family:modiloader
Link:
https://tria.ge/reports/201109-n1vwaj987j/
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img ef8a04f9fd11399d21e735924591b43c5bb4f676ec559dcd404b9cf7f4271fdd

Executable exe 10cf748693a03e95d4f2efab81757ec3ad3905129e84b7dc8c491d9e5fbb550e

(this sample)

  
Dropped by
MD5 c32dd746f501b804772e4e3642bc61dc
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ef8a04f9fd11399d21e735924591b43c5bb4f676ec559dcd404b9cf7f4271fdd
Cape
Cape
https://www.capesandbox.com/analysis/8922/

Comments