MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b10f3c1d3d58f5ec259d4baa6d1e2544efced7895cea0e2b56b068547cbacf7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	3b10f3c1d3d58f5ec259d4baa6d1e2544efced7895cea0e2b56b068547cbacf7
SHA3-384 hash:	c3a4deef9dfe146d637e7d974499dd2973351bf20559f9c1bb8eb6ecade10dd96b38de58e8c826c28c9637e79b5672b4
SHA1 hash:	a8ec396d7ce055098cc6b82800b1b370f1460fea
MD5 hash:	82b635dc1534834c4557b6ce3765f829
humanhash:	solar-don-emma-mike
File name:	Bmxcixs_Signed_.gz
Download:	download sample
Signature	ModiLoader Create hunting rule
File size:	404'754 bytes
First seen:	2020-10-08 05:29:57 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:af4tuPQqw6U60OdZhr8yX9gaBpA5r8pkee9AtsqlsLZVXH/:44tW7w+0OdZ+89tjoRFOSqlUV
TLSH	5684235D7B7698B93C98B4117CAC574AF823EADC9219705C5A88E01BEF32511E3B0BD3
Reporter	abuse_ch
Tags:	gz ModiLoader

abuse_ch

Malspam distributing ModiLoader:

HELO: tidesmedical.info
Sending IP: 192.119.95.28
From: "Hung Nhan Garment Co.LTD.," <contact@tidesmedical.info>
Subject: RE: Urgent Request For New Shipment//INV/PL/TEHK00945332
Attachment: Bmxcixs_Signed_.gz (contains "Bmxcixs_Signed_.exe")