MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b47513223904b7c432660309173ee2e2c5c5fe1df9dc64f343210bd03c2d8952. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b47513223904b7c432660309173ee2e2c5c5fe1df9dc64f343210bd03c2d8952
SHA3-384 hash: 57627d262f1b57e87988e1b05274fe2272cdf5effc7b6712dc4507e264fb877fbdd8b6124d820a7f6001324b796c195f
SHA1 hash: 4750e6f293c3874fff435c05ac2736b224c053ff
MD5 hash: 154c90803ac5d6f7e83a98133a0ebab6
humanhash: sad-lemon-fruit-kitten
File name:new purchase order.zip
Download: download sample
Signature ModiLoader
Create hunting rule
File size:1'138'164 bytes
First seen:2020-08-19 14:26:37 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:zoRcog1MoeD1Sv3B3kOwKM9U6BS53RgxbYmdZAUQ3o:zYg1MoeYv3B3kOj7uS530dZU3o
TLSH 963523D0AEEAB35E4DA4CC6263B60E93CFF291A6C41DF87D143C21143A58E3A276DC55
Reporter abuse_ch
Tags:ModiLoader zip


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: ns120.localdomain
Sending IP: 78.108.43.106
From: Ismail <ismailc@ermateknik.com.tr>
Subject: Re: Re: yeni satın alma siparişi
Attachment: new purchase order.zip (contains "Nriwdeg_Signed_.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25545.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25560.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b47513223904b7c432660309173ee2e2c5c5fe1df9dc64f343210bd03c2d8952/
Threat name:
Win32.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2020-08-19 11:52:07 UTC
AV detection:
10 of 47 (21.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wr2rgirzas34imtgameropxc4lc4l7q57hogj42deef5apbnrfja._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b47513223904b7c432660309173ee2e2c5c5fe1df9dc64f343210bd03c2d8952

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip b47513223904b7c432660309173ee2e2c5c5fe1df9dc64f343210bd03c2d8952

(this sample)

ModiLoader

Executable exe 7d76b11ffd54f1f7f61dae2d07689f986a40a6bcf79e2606610f77a5c7bb20de

  
Dropping
MD5 80c92a411485656d8a8f98267f946c17
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7d76b11ffd54f1f7f61dae2d07689f986a40a6bcf79e2606610f77a5c7bb20de

Comments