MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f77b91c5d343948cb84ae9f1a50eb5f8d887cb9b06de1ff30a1130567b4e09a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	1f77b91c5d343948cb84ae9f1a50eb5f8d887cb9b06de1ff30a1130567b4e09a
SHA3-384 hash:	c01dc76382e614bb8fe18325ec0a76c80797c3c28fba17262542fb5be9612cacb310f6586ab1cb0f30803be7de8982ff
SHA1 hash:	52f7117707997c576785af92f4f0ea83ed0bfa05
MD5 hash:	5613dd56e4bc472df52a2bccdbb40c7d
humanhash:	stream-magnesium-alaska-cup
File name:	5613dd56e4bc472df52a2bccdbb40c7d.exe
Download:	download sample
Signature	ModiLoader Create hunting rule
File size:	1'124'032 bytes
First seen:	2020-11-25 07:11:17 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	7606238d5eb38a05bc323fdb52f1e58e (2 x ModiLoader)
ssdeep	24576:r3D7HGCtRJanx0uaG0GMWjWEFsdhmOZFNDq4funBQt:r3D7H4a7GMWjWEFKmOZruBQt
Threatray	8 similar samples on MalwareBazaar
TLSH	6F359E22F6814877C5332A396C1BA6A55F36BF522E3878453BF93D4C4F392913C39296
Reporter	abuse_ch
Tags:	exe ModiLoader

Intelligence

File Origin

# of uploads :

1

# of downloads :

123

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

DNS request

Sending a custom TCP request

Creating a file

Launching the default Windows debugger (dwwin.exe)

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/546666

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1f77b91c5d343948cb84ae9f1a50eb5f8d887cb9b06de1ff30a1130567b4e09a/

Threat name:

Win32.Trojan.Wacatac

Status:

Malicious

First seen:

2020-11-24 07:18:07 UTC

AV detection:

25 of 28 (89.29%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=d533shc5gq4urs4ev2pruuhll6gyq7fzwbw6d7zquejqkz5u4cna._file

Verdict:

unknown

Similar samples:

21b054a3b319b950887eff329ebb237a5d442e6742e94d66d2ff17cd85f8d930

29cf2f87bd9503ddd65e08e9aab1e80bfef318873e649ca0db4e6b079f31b9a4

2bea53a14d59fc7d772ea805af47b3b8ddddbf201a7e8d9e7ebd7ca422702a30

3a89a79e825bf330e3ea46f6a5f548529b642dc61219a8deeaec070a0688a08e

bad1feef0055835db4f894b4885b48d596788458bc9095d4c0af9ec36a97077d

c3daf1d20367ee0d7a849419594356ec6cad7c9169107b332c64ab67cb739823

c7d2763c845a08a22775c242be4368bbad967ae4d2f82be1042645d6a70320a5

d41ec4b08eee7e5c1d34cdb17e9a9828f1901d90ef8c691a66c21c3fe72fc44b

Result

Malware family:

modiloader

Score:

10/10

Tags:

family:modiloader trojan

Link:

https://tria.ge/reports/201125-6hxhc7crxn/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

ModiLoader First Stage

ModiLoader, DBatLoader

Unpacked files

SH256 hash:

1f77b91c5d343948cb84ae9f1a50eb5f8d887cb9b06de1ff30a1130567b4e09a

MD5 hash:

5613dd56e4bc472df52a2bccdbb40c7d

SHA1 hash:

52f7117707997c576785af92f4f0ea83ed0bfa05

Link:

https://www.unpac.me/results/7e1dfdd2-282a-4168-be18-3d91c98b840f/

SH256 hash:

b84855ac5a6527048ddf26acb12357de1f812ecfe0f53577411bb81611a49af7

MD5 hash:

bffb635bc28bea6569500cd26dac64a2

SHA1 hash:

085ce66e28f706af394528d25dd00907ce901304

Link:

https://www.unpac.me/results/7e1dfdd2-282a-4168-be18-3d91c98b840f/

SH256 hash:

fae319c59160b90052832602da3c2acb8ce453006fef4a9451d046e7a28278df

MD5 hash:

7cd7fadc8444278c24caad5a82ab8abd

SHA1 hash:

a09684a4a9d821b4aa0e17db020e3c0a8d6aadc8

Link:

https://www.unpac.me/results/7e1dfdd2-282a-4168-be18-3d91c98b840f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Tinba

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1f77b91c5d343948cb84ae9f1a50eb5f8d887cb9b06de1ff30a1130567b4e09a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 1f77b91c5d343948cb84ae9f1a50eb5f8d887cb9b06de1ff30a1130567b4e09a

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/848714/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/105475/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample