MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30b234fc3eadaa03436081e57d7b8b25177f35118763acc0465f2a8f6158b2cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 30b234fc3eadaa03436081e57d7b8b25177f35118763acc0465f2a8f6158b2cd
SHA3-384 hash: 03feb83b0e4f8762494fadc8124907330a45a1ab3cc43043b2cc3bc6ecfa91bfd4106c66e30518d9117d5be48c8e9eed
SHA1 hash: c8c48a65610f6289c031969cbdd9ba3001eeddc6
MD5 hash: 1c2c113dc566dd1324f89524f8feca8d
humanhash: kentucky-violet-shade-wyoming
File name:SAMPLE PICTURES AND SPECIFICATIONS - RFQ DTD37-1020PDF.z
Download: download sample
Signature ModiLoader
Create hunting rule
File size:580'336 bytes
First seen:2020-10-27 12:46:21 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:48FJcvp1SCl3qd8NrlA+r+Qg7AAwj1MyEU6cFJMmky05HvY9wSff6seNH4A:9gxhaeNBy91cRpjMmj06TTA
TLSH 4EC42304028F1783A9AB36D44EDB96D22413E76E736D36DC0F13528A9D132DCE55BE2B
Reporter abuse_ch
Tags:ModiLoader z


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: medpex.com
Sending IP: 210.244.73.74
From: Emily & Sales <8150110@naver.com>
Subject: Product Inquiry / Alibaba Buyer
Attachment: SAMPLE PICTURES AND SPECIFICATIONS - RFQ DTD 37-1020PDF.z (contains "SAMPLE PICTURES AND SPECIFICATIONS - RFQ DTD 37-1020PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.PrivateEXEProtector4-6192998-2
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/30b234fc3eadaa03436081e57d7b8b25177f35118763acc0465f2a8f6158b2cd/
Threat name:
Script-VBS.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 10:50:05 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gczdj7b6vwvagq3aqhsx264leulx6nirq5r2zqcgl4vi6ykywlgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/30b234fc3eadaa03436081e57d7b8b25177f35118763acc0465f2a8f6158b2cd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip 30b234fc3eadaa03436081e57d7b8b25177f35118763acc0465f2a8f6158b2cd

(this sample)

ModiLoader

Executable exe 9f5afe868a8dd23926e807303d8896b239b802a3c366e448f4c59a103540019f

  
Dropping
MD5 e4579084f05633a019ca06e10f4a563e
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9f5afe868a8dd23926e807303d8896b239b802a3c366e448f4c59a103540019f

Comments