MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f78c28253b05c387d8c3550e4604b701b9af0689bedde25b73a611e1e781a35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 3

SHA256 hash: 0f78c28253b05c387d8c3550e4604b701b9af0689bedde25b73a611e1e781a35
SHA3-384 hash: f792a722ca8f95bf992323d311485b1caa18d8e8505939974983ff0be14add03c03b2d11e70fff78ae4299944866c7e0
SHA1 hash: c4307e4f009190f390b149f03fe9d61dd0141b1a
MD5 hash: d74fec50dfe87d0bd7363f6121b1f912
humanhash: pizza-comet-mountain-robin
File name: DRAFT-KMBT-OVER DUE-F33C92-96F3-4015-8107_IMG.xz
Signature: ModiLoader
File size: 332'776 bytes
First seen: 2021-01-04 13:19:27 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 6144:rdm+L/4zUSlfZsXiB0iu6b5KRX2GhaFrlnXFAk+fHqZRfsElz9U4:rdh4zUS5W0oRmGhaJPAkdZRfJ04
TLSH: DA642384F90A4B4FE16622BEC3C79BA309B095C0ECE512FD67950EF620D4385996BD73
Reporter: abuse_ch
Tags: ModiLoader xz


abuse_ch
Malspam distributing ModiLoader:

HELO: smtp.redshift.com
Sending IP: 216.228.2.205
From: Accounts <rsanchez@redshift.com>
Reply-To: Microsoft Outlook <mye-mail@europe.com>
Subject: Fw: Overdue
Attachment: DRAFT-KMBT-OVER DUE-F33C92-96F3-4015-8107_IMG.xz (contains "DRAFT-KMBT-F33C6592-96F3-4015-8107_IMG.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 358
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2021-01-04 13:20:08 UTC
AV detection: 6 of 47 (12.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
ModiLoader
xz 0f78c28253b05c387d8c3550e4604b701b9af0689bedde25b73a611e1e781a35 (this sample)
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment

Comments