MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31fb810400eaee0d17bf217c5e6df8e3c942f2f87097d30da6c70073303d5679. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 31fb810400eaee0d17bf217c5e6df8e3c942f2f87097d30da6c70073303d5679
SHA3-384 hash: 040936b408dc6256959cc49a4926506ce5c781c24262e01252a1c9b99b8c03a0aa044147f6b54a896050f51d16cdc60c
SHA1 hash: ad51f52cdbc63f80031f687aa6e49eb145b874e8
MD5 hash: 223a754f414be86ac5113d29994c52bc
humanhash: fish-texas-red-december
File name:Bestätigung der Kontodaten,pdf.iso
Download: download sample
Signature ModiLoader
Create hunting rule
File size:708'608 bytes
First seen:2020-10-16 17:59:12 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:iEu6Ai+3QzSx++O8AySJxv/EJIy3m8A71UzFvCM2T4F1smtv1mHRm4DhKte1NDG2:Y6pexT1YJS8xZzet0mgNr9
TLSH A7E47E62B2D1C837C373253D8C5B96B49825BD9D2B3568763AEC3D8C5F397823429293
Reporter abuse_ch
Tags:DEU geo iso ModiLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: dumpling.thegigabit.com
Sending IP: 103.212.71.41
From: KETEC PRECISION TOOLING Co., LTD <info@vectortool.com.ua>
Subject: Betreff: Bestätigung der Kontodaten
Attachment: Bestätigung der Kontodaten,pdf.iso (contains "Bestätigung der Kontodaten,pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/31fb810400eaee0d17bf217c5e6df8e3c942f2f87097d30da6c70073303d5679/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-10-16 10:42:19 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gh5ycbaa5lxa2f57ef6f43py4peuf4xyocl5gdngy4ahgmb5kz4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/31fb810400eaee0d17bf217c5e6df8e3c942f2f87097d30da6c70073303d5679

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

iso 31fb810400eaee0d17bf217c5e6df8e3c942f2f87097d30da6c70073303d5679

(this sample)

ModiLoader

Executable exe 6e65a5004779b795ed2d4b95d428083f4cdecf2f0d7880c11080040ed2b250b9

  
Dropping
MD5 1b2cb7fe442893edacb90c334e8e9654
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6e65a5004779b795ed2d4b95d428083f4cdecf2f0d7880c11080040ed2b250b9

Comments