MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1487b4b31308584b8ca66dcc4904c310c128317f68b10f11629e38f9cf3d59e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 4



SHA256 hash: f1487b4b31308584b8ca66dcc4904c310c128317f68b10f11629e38f9cf3d59e
SHA3-384 hash: a0258111faa3a0d162575ca77acbff9dcd49e2943040c76c40e95d6eae8ebd474294b11d0e705e2767d94f120bdee6de
SHA1 hash: c4937f2a99477d39497b1fc19b1833ca399c90c9
MD5 hash: 6da592a7f9d24e57bc9d52fd680caeac
humanhash: michigan-triple-black-lemon
File name: 07-20-2020_06-59-10-PM pdf.zip
Signature: ModiLoader
File size: 1'297'504 bytes
First seen: 2020-08-05 08:49:06 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:zy8RLEoyV1Ayi9ap3nYS2M/w4xIAj0TYR/7aLjSL0VMqqnFCTjqfRTY4Cp92:zyRn3d3w4xIo0TdjSWlqnFL4pI
TLSH: 9B5533F98D0B64CC5549C3D0D7D8B13FDBE37670EE9A4232252B8472602B779B461A2B
Reporter: abuse_ch
Tags: ModiLoader, zip


abuse_ch
Malspam distributing ModiLoader:

HELO: serverz.geminit.it
Sending IP: 5.249.152.15
From: lmslides <lmslides@tin.it>
Subject: Ri: Ri: Ri Re: PJS-97 ISS Q7498-A-R0
Attachment: 07-20-2020_06-59-10-PM pdf.zip (contains "polizza di trasferimento.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Dropper.Dapato
Status: Malicious
First seen: 2020-08-05 08:51:04 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip f1487b4b31308584b8ca66dcc4904c310c128317f68b10f11629e38f9cf3d59e (this sample)

Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
