MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a11cc6f843dea3dc913305fc8ebb1dec7a566f11d6a4b2aad08bce6927d8c9ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a11cc6f843dea3dc913305fc8ebb1dec7a566f11d6a4b2aad08bce6927d8c9ec
SHA3-384 hash: eca166c739c5a4a04af1bbfb46d69a989935e56aa7d637b5f201931342f45c1b0c96ce007bbc43d39a5ea2a1aa2397a4
SHA1 hash: 94ba873e050ad9c4fccf599a107f31bf8c12af99
MD5 hash: 53d157ca053cc74ccf16495c73c9f0e6
humanhash: idaho-november-east-chicken
File name:Proforma fatura.zip
Download: download sample
Signature ModiLoader
Create hunting rule
File size:1'318'225 bytes
First seen:2020-07-24 07:54:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:jNIy7eldmFHuZSawPI3k5fPiKwmzZM5VM1N+yT+eaPPK2Y/UDajWj:hKld0HuZWCkFPiKPO8NdaZYsajA
TLSH 6D5533059D7418C32CECD0F363B2009D18CA686ECA6AD75A817B93CCE53A319DA5D5EF
Reporter abuse_ch
Tags:ModiLoader zip


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: tur2.hipotenus.com
Sending IP: 213.159.30.161
From: ahmed khalifa <sargutinsaat@ttnet.net.tr>
Subject: FİYAT TEKLİFİ
Attachment: Proforma fatura.zip (contains "Proforma fatura.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader34.3053.8852.17439.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a11cc6f843dea3dc913305fc8ebb1dec7a566f11d6a4b2aad08bce6927d8c9ec/
Threat name:
Win32.Trojan.Avemariarat
Create hunting rule
Status:
Malicious
First seen:
2020-07-24 07:56:08 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ueomn6cd32r5zejtax6i5oy55r5fm3yr22slfkwqrphgsj6yzhwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a11cc6f843dea3dc913305fc8ebb1dec7a566f11d6a4b2aad08bce6927d8c9ec

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip a11cc6f843dea3dc913305fc8ebb1dec7a566f11d6a4b2aad08bce6927d8c9ec

(this sample)

ModiLoader

Executable exe aa920a28098387bcdcca0c6e2b668a94b49b1ba5ab1129b27da5a42c4f645ca3

  
Dropping
MD5 26726773275abd70e680e80787bcec16
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aa920a28098387bcdcca0c6e2b668a94b49b1ba5ab1129b27da5a42c4f645ca3

Comments