MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2f1b3c5e6461e4bd7fd2161069dfb89385d5dddadf0413a9ed7ccae04c5cd06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a2f1b3c5e6461e4bd7fd2161069dfb89385d5dddadf0413a9ed7ccae04c5cd06
SHA3-384 hash: e062018337d8a2de7b0274cc28d368cab1d338e13714cb0084025d9f87659a4d34c961b1ba73b31bba28df9d6c2965f8
SHA1 hash: e8e69dd87167dc660d1e99580a0dde262b024549
MD5 hash: 09708a69b9569887f32e10d60b560f1c
humanhash: spaghetti-march-seventeen-carolina
File name:07-20-2020_06-59-10-PM.zip
Download: download sample
Signature ModiLoader
Create hunting rule
File size:1'270'159 bytes
First seen:2020-08-13 11:16:38 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:hLgfelr5c3w9eOIQTiHV83fhY+r3Y9eEbOboUZ2UNr/E1ZeCvVtxRSwi:h7rX9FIQyV832+e1vpUp/ECglSv
TLSH 544533D28D138C8FC3D84531FE7D441DC5FBDD795229A4FB8A35825C61AA82FA02AD35
Reporter abuse_ch
Tags:geo ITA ModiLoader zip


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: tur2.hipotenus.com
Sending IP: 213.159.30.161
From: disabili@trenord.it
Subject: AW: An-200580
Attachment: 07-20-2020_06-59-10-PM.zip (contains "ordine di offerta.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.PrivateEXEProtector4-6192998-2
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a2f1b3c5e6461e4bd7fd2161069dfb89385d5dddadf0413a9ed7ccae04c5cd06/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-13 11:18:10 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uly3hrpgiypexv75efqqnhp3re4f2xo5vxyecou627gk4bgfzuda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a2f1b3c5e6461e4bd7fd2161069dfb89385d5dddadf0413a9ed7ccae04c5cd06

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip a2f1b3c5e6461e4bd7fd2161069dfb89385d5dddadf0413a9ed7ccae04c5cd06

(this sample)

ModiLoader

Executable exe d15bb0b2e07a91123300b30b6b7f26774e873a7bbbf677cdfd1a7c9547a1e353

  
Dropping
MD5 7576acf8a1ec7df0ab7e41f4297a9b84
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d15bb0b2e07a91123300b30b6b7f26774e873a7bbbf677cdfd1a7c9547a1e353

Comments