MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34dd03bd383aec692c5f4128ca9b5e2be3a0237ac9b6cc319aa54ecd28f13a3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 4

SHA256 hash: 34dd03bd383aec692c5f4128ca9b5e2be3a0237ac9b6cc319aa54ecd28f13a3a
SHA3-384 hash: 5cf3690ca3b284ac7baefa6d3496877b7f12934f6ab5c139cae06dbe8743235aa844cb854ddcccf7d352b349987290a2
SHA1 hash: 24517bbb63d2a5b70ec015dab81f571e178d39a0
MD5 hash: 0584999a8eabc6c8124f17f18eb0a729
humanhash: spaghetti-emma-neptune-ink
File name: Details_UPS.iso
Signature: ModiLoader
File size: 1'638'400 bytes
First seen: 2020-10-15 17:20:41 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:LFT7lBs40jT0sUbtpW/nAOPq3Sp58wn7nLT6USE/7LYUx5t8SH1:LvBsxTEi597nLT6USE/7kUPt
TLSH: A375C031F3E1CA36F25215318C2B5BB9A532BE001924945A76EA3D4DAF367F079392D3
Reporter: abuse_ch
Tags: iso ModiLoader UPS


abuse_ch
Malspam distributing ModiLoader:

HELO: hardcore-gould.52-165-237-63.plesk.page
Sending IP: 40.77.27.88
From: "UPS Customer Service" <customer@ups.com>
Subject: UPS - Pending delivery
Attachment: Details_UPS.iso (contains "Skyzzsn_Signed_.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-15 17:22:10 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: ModiLoader, iso 34dd03bd383aec692c5f4128ca9b5e2be3a0237ac9b6cc319aa54ecd28f13a3a (this sample)
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment

Comments