MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40e95520d719a9c3277c76b42124de197dc391210b1053fa505897838dcdcb90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 40e95520d719a9c3277c76b42124de197dc391210b1053fa505897838dcdcb90
SHA3-384 hash: 69a21f604804f12bead909a3af4473b3a850ecfe3b964be438bbf105f893ddbe2f7af8b108e87d09df5c53b4a797991d
SHA1 hash: a20fe42241b4e733657d4a39b43342882b106e4e
MD5 hash: 5bc47b9dc1ce0153f04f9712a2fc8654
humanhash: leopard-hawaii-romeo-april
File name: README.EXE
File size: 1'255'424 bytes
First seen: 2020-06-10 15:01:23 UTC
Last seen: 2020-06-10 17:53:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 70411d486e9bd9bdaaf2d4939bbd54bc (1 x NetWire, 1 x FormBook)
ssdeep: 24576:yaXcbtJOhBn2j4byGtIW3n0jlioooooooooooooooo:yaXqO2sby5xioooooooooooooooo
Threatray: 75 similar samples on MalwareBazaar
TLSH: 23456C22B7914C33C1331A3DDC5B9679E82ABE511A24A8C62BF83D789F75341392D1B7
Reporter: cocaman
Tags: exe

Intelligence


File Origin
# of uploads: 3
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Remcos
Status: Malicious
First seen: 2020-06-10 15:03:05 UTC
File Type: PE (Exe)
Extracted files: 47
AV detection: 26 of 31 (83.87%)
Threat level: 5/5

Result
Malware family: modiloader
Score: 10/10
Tags: family:modiloader trojan
Behaviour:
Suspicious use of WriteProcessMemory
ModiLoader First Stage
ModiLoader, DBatLoader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 40e95520d719a9c3277c76b42124de197dc391210b1053fa505897838dcdcb90 (this sample)
