MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c353870ff190fe795e3804fc641d777b80df3f1b90784aa3e1b97e1d61f901f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c353870ff190fe795e3804fc641d777b80df3f1b90784aa3e1b97e1d61f901f
SHA3-384 hash: 5c6004f0fe6ec3233efe165bfa8ddd2ef4987842de1a0376a07a6ca148adb4425d83acbd0643f7c5e8d6f4ec436ba983
SHA1 hash: c0d0f737a7e695c6a653d460ad16ddb7d0a606d4
MD5 hash: 54f88e8269b980b2daf9026a8b4567cf
humanhash: kansas-north-coffee-beryllium
File name:IMG_Purchase-Order-Specifications_QuoteAmendments.r09
Download: download sample
Signature ModiLoader
Create hunting rule
File size:431'941 bytes
First seen:2022-07-26 08:38:43 UTC
Last seen:2022-07-26 13:10:53 UTC
File type: r09
MIME type:application/x-rar
ssdeep 12288:UBDwxexFkDnx7MBHvXwb9BDC4GSvTnsGhcu2bVYZc7m+sO1IT:w/FnBHvAbLxvTnsGhF+71IT
TLSH T17594235D9DCD6C7610279C810BB318BC4F93C19D2E67A61DAB1022166323E5FE37D2EA
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:ModiLoader r09


Avatar
cocaman
Malicious email (T1566.001)
From: ""N. Aravind BGM" <aravindan@hersheys.com>" (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [185.222.57.167]) "
Date: "26 Jul 2022 10:37:01 +0200"
Subject: "REF: New order & Mackson Quote"
Attachment: "IMG_Purchase-Order-Specifications_QuoteAmendments.r09"

Intelligence

File Origin
# of uploads :
17
# of downloads :
249
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1c353870ff190fe795e3804fc641d777b80df3f1b90784aa3e1b97e1d61f901f/
Threat name:
Win32.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2022-07-26 08:41:14 UTC
File Type:
Binary (Archive)
Extracted files:
45
AV detection:
21 of 39 (53.85%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dq2tq4h7deh6pfpdqbh4mqoxo64a347rxedyjkr6dol6dvq7sapq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1c353870ff190fe795e3804fc641d777b80df3f1b90784aa3e1b97e1d61f901f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

r09 1c353870ff190fe795e3804fc641d777b80df3f1b90784aa3e1b97e1d61f901f

(this sample)

ModiLoader

Executable exe d509f13850c42ed1167dbce488855daf8fef40d16fcf8d898d5fc1fd7b76f569

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d509f13850c42ed1167dbce488855daf8fef40d16fcf8d898d5fc1fd7b76f569
  
Dropping
ModiLoader

Comments