MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27bf63e78e9011d803db1f4394f9f9a476f841603d5a36b3bc7867ab127a8c93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 27bf63e78e9011d803db1f4394f9f9a476f841603d5a36b3bc7867ab127a8c93
SHA3-384 hash: a14bc8a02a34cba78d2419b97f1a02800b2c48055a760d584e7db0533593ea27a2e0f0bc649b8fbaa07d845d97368b8c
SHA1 hash: 5806737ca2e0bd50e7954f5640754e4a649650dc
MD5 hash: 9b23085a91af8024e353a6f217255d33
humanhash: snake-purple-fourteen-magazine
File name:50341-Vinalines shipping_pdf.arj
Download: download sample
Signature ModiLoader
Create hunting rule
File size:488'605 bytes
First seen:2020-10-16 10:24:03 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:W8uxUSS1jQZ2i6YJMwEnqWBMhCK7HGzBHGDVjuCK:D0S1ziqW4KDmUbK
TLSH 9BA423723808C331FFC99694E3B8B2E17E516454AB4E676F5A806F91E0611CB8D82BE5
Reporter abuse_ch
Tags:arj ModiLoader


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: localhost
Sending IP: 89.248.168.148
From: Anna Nguyen <annan@vinalines-shipping.com>
Subject: Invoice#50341
Attachment: 50341-Vinalines shipping_pdf.arj (contains "Qvofhvp_Signed_.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/27bf63e78e9011d803db1f4394f9f9a476f841603d5a36b3bc7867ab127a8c93/
Threat name:
Win32.Hacktool.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-15 16:09:01 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e67whz4osai5qa63d5bzj6pzur3pqqlahvndnm54pbt2wet2rsjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/27bf63e78e9011d803db1f4394f9f9a476f841603d5a36b3bc7867ab127a8c93

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

arj 27bf63e78e9011d803db1f4394f9f9a476f841603d5a36b3bc7867ab127a8c93

(this sample)

ModiLoader

Executable exe 6b821b358a92094bf1218d5a455e7205efeda83a4b4247d010a86b77e284ee75

  
Dropping
MD5 eb914b9e052739f5ae554ad6138475f2
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6b821b358a92094bf1218d5a455e7205efeda83a4b4247d010a86b77e284ee75

Comments