MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 068a4936277088d335e9ca5018ada61696abb266e7c6335f219517827d4f083b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 068a4936277088d335e9ca5018ada61696abb266e7c6335f219517827d4f083b
SHA3-384 hash: 41d5f7f25423ec48bb835674055109ed3031d7294096e676a97d7f3e499e56db924cea04464183dee2d05954c955d9b7
SHA1 hash: 33934b26d616fed2f4fe8fe4068c5a67f42a2da5
MD5 hash: ed7e6f92d38b2fe479f58383c9a14f87
humanhash: zulu-fifteen-one-cardinal
File name:LPO3300026.gz
Download: download sample
Signature ModiLoader
Create hunting rule
File size:560'551 bytes
First seen:2020-08-05 11:47:36 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:O1u+wnzooC8sUcvlG0cQfv1vMIvFzAgOFTeyq/Fjo:O1jPt80cYlv2gOFTeyqJo
TLSH 75C4233D53ADDB5C52F72403690AB879F55D6D8A0A19DCD1788B7BEC8D1EACAC12083C
Reporter abuse_ch
Tags:gz Hetzner ModiLoader


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: static.33.46.181.135.clients.your-server.de
Sending IP: 135.181.46.33
From: Gian Amores <giian.dexter@redcooalmana.com>
Subject: Purchase Order
Attachment: LPO3300026.gz (contains "LPO3300026.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/068a4936277088d335e9ca5018ada61696abb266e7c6335f219517827d4f083b/
Threat name:
Win32.Trojan.Delf
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 11:49:07 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a2fesnrhocengnpjzjibrlngc2lkxmtg47ddgxzbsulye7kpba5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/068a4936277088d335e9ca5018ada61696abb266e7c6335f219517827d4f083b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

gz 068a4936277088d335e9ca5018ada61696abb266e7c6335f219517827d4f083b

(this sample)

ModiLoader

Executable exe 6ed405da1a685dc66c44b5c72392a4f3c33a656298ea06167083a01aa6a25dcd

  
Dropping
MD5 510fdb0a0207c5650bf2ba586c82cf09
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6ed405da1a685dc66c44b5c72392a4f3c33a656298ea06167083a01aa6a25dcd

Comments