MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e5d6b0ee06ea48950a4c8b9ae187bdae33e6d12b01458af9aeeb5f0b8c521fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 5

SHA256 hash: 1e5d6b0ee06ea48950a4c8b9ae187bdae33e6d12b01458af9aeeb5f0b8c521fb
SHA3-384 hash: 3f1be756b0433cd16cbd1ed403d8dd649e1db53e131514fffc2f9da4b8e8e114726a1061b3d356841ef9141e0b75fec9
SHA1 hash: f4cfa54b2d15395039ba8f0a9d05064a68177ddb
MD5 hash: 511d7c7698bb3ca5f22326828bbd314a
humanhash: maryland-montana-washington-music
File name: Payment.img
Signature: ModiLoader
File size: 1'245'184 bytes
First seen: 2021-04-01 07:28:24 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:64E6Ax8b3EAWv/re0t//WxpMLmYXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXi:6xu3EAaD3gWLdXiL4Ujp
TLSH: F2459E26B3E14476D1B3257C8C1BB7A59825BE513EE438463BF42E4C9B3E3A0B92C157
Reporter: abuse_ch
Tags: img ModiLoader


abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.gozenholdings.com
Sending IP: 185.121.120.144
From: WoodHouse Marcela<marcela@gozenholdings.com>
Subject: Re:Payment Confirmation
Attachment: Payment.img (contains "Tvoz_f.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 112
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2021-04-01 07:29:17 UTC
AV detection: 10 of 47 (21.28%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  ModiLoader
    img 1e5d6b0ee06ea48950a4c8b9ae187bdae33e6d12b01458af9aeeb5f0b8c521fb (this sample)

Delivery method: Distributed via e-mail attachment

Comments