MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99ebd29c10ab0e9063fbec9966f1be56986d6c74630fb251baab26988aec93cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 99ebd29c10ab0e9063fbec9966f1be56986d6c74630fb251baab26988aec93cd
SHA3-384 hash: 38d5fc08eff1a2e837f24930914fa2c356680ff32fb1d065f25a948149e962ad5ed0d2b96e483bca17afa71849843b26
SHA1 hash: a10a2e29d954c964d0525a09312322d67b1680fc
MD5 hash: f36429167b08b61f8693f4427c60ce14
humanhash: bluebird-montana-illinois-nebraska
File name: SecuriteInfo.com.Trojan.DownLoader33.52581.8734.6162
File size: 1'254'914 bytes
First seen: 2020-06-11 08:21:16 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 70411d486e9bd9bdaaf2d4939bbd54bc (1 x NetWire, 1 x FormBook)
ssdeep: 24576:6aXcbtJOhBn2j4byGtIW3nEjlgooooooooooooooooP:6aXqO2sbyxxgooooooooooooooooP
Threatray: 75 similar samples on MalwareBazaar
TLSH: 50456C22B7914C33C1331A3DDC5B9679E82ABE511A24A8C62BF83D789F75341392D1B7
Reporter: SecuriteInfoCom

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Remcos
Status: Malicious
First seen: 2020-06-11 06:31:05 UTC
AV detection: 27 of 31 (87.10%)
Threat level: 5/5

Result
Malware family: modiloader
Score: 10/10
Tags: family:modiloader trojan
Behaviour
Suspicious use of WriteProcessMemory
ModiLoader First Stage
ModiLoader, DBatLoader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe 99ebd29c10ab0e9063fbec9966f1be56986d6c74630fb251baab26988aec93cd (this sample)
Delivery method: Distributed via web download
