MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25530654b845346e52fb6546f62c8d8b869f7e381dab4511df7bd980ba6c4a8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25530654b845346e52fb6546f62c8d8b869f7e381dab4511df7bd980ba6c4a8f
SHA3-384 hash: 16160f3d6ad28d76bb3ed6b9ed62b3b33bfb81f667fd20da2a36aa41236c9d043ec47856883a1198c09b5f3e0dc84364
SHA1 hash: e57afebab0e319268dab619ff1f007eb21e85491
MD5 hash: 873ca96f1a16a080616a32e99bbe8855
humanhash: march-green-rugby-video
File name:Proforma Invoice.rar
Download: download sample
Signature ModiLoader
Create hunting rule
File size:325'027 bytes
First seen:2020-10-12 19:20:28 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:1nOj/TwsbkdRTkpkSwqL1L53IfViHw782kAk79FLs+S6+Fmzyp2V:xYwtXqt5Qi6LkpJZPS65L
TLSH 5464233BFEAB5BEDD9F1D5F872A19D19680245A61B1F70C44F2F0F60C225AC83D58029
Reporter abuse_ch
Tags:ModiLoader rar


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: localhost
Sending IP: 89.248.168.148
From: Jasmine Lee <udit@balajiexport.com>
Subject: Re: Payment for Outstanding Invoice
Attachment: Proforma Invoice.rar (contains "Proforma Invoice.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27502.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/25530654b845346e52fb6546f62c8d8b869f7e381dab4511df7bd980ba6c4a8f/
Threat name:
Win32.Hacktool.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-12 17:17:34 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=evjqmvfyiu2g4ux3mvdpmlenrodj67rydwvukeo7ppmybotmjkhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/25530654b845346e52fb6546f62c8d8b869f7e381dab4511df7bd980ba6c4a8f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

rar 25530654b845346e52fb6546f62c8d8b869f7e381dab4511df7bd980ba6c4a8f

(this sample)

ModiLoader

Executable exe 4e9cebbdc4cc12fb576d5c7c402f2d25685ba6341eaf13c46207d7f9bf0ba910

  
Dropping
MD5 6080788c7b8521746b994a05c3198796
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4e9cebbdc4cc12fb576d5c7c402f2d25685ba6341eaf13c46207d7f9bf0ba910

Comments