MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40d14d3d6b0704f1dac668a1a8aa9d1054628f5b198a2bc1b43107ff481fcc17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 3

SHA256 hash: 40d14d3d6b0704f1dac668a1a8aa9d1054628f5b198a2bc1b43107ff481fcc17
SHA3-384 hash: 4c38e1d9125f8a549c5e5a4c8d20276f81f6752d4d8e09dbc5a2ba3175a5fb12144ab5d9bf08c4fa0158ba3318ef3f5e
SHA1 hash: 52a107c4e5ac48165481a72e41f67ca5c655d2c4
MD5 hash: a6b067ef620d5ea0db67ec59efc7a0f2
humanhash: leopard-harry-nine-washington
File name: Proforma Invoice_xls.arj
Signature: ModiLoader
File size: 366'918 bytes
First seen: 2020-10-21 08:47:11 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:Yw8+NAgmqWRfa6lorOlH+K/PH1MQMhlQnV9Ml/Ax4YxJeFRId5WrfPFsm5ZNRXfk:YwDNAgbWLiyeSP1qovi/AH8FRIjWTPBu
TLSH: 3A742348D747B27021CFFB19266B8274890EF05EBEE1F17D231A518B5B324946CBCDA6
Reporter: abuse_ch
Tags: arj, ModiLoader


abuse_ch
Malspam distributing ModiLoader:

HELO: jac0.lensing-promotion.com
Sending IP: 94.140.115.229
From: GC LEASE SINGAPORE PTE LTD <admin@grenke.sg>
Subject: Invoice for Contract: 176001090
Attachment: Proforma Invoice_xls.arj (contains "Proforma Invoice_.scr")
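
The attachment reported above is an ARJ archive carrying a .scr, and the entry's MIME type (application/x-rar) disagrees with its file type (arj), so triage should go by the ARJ header itself rather than by the file name or a MIME string. The following is an added example, not code from MalwareBazaar or abuse.ch: a Python walker over ARJ headers that lists the members without decompressing anything and flags members with an executable extension, password-protected (garbled) members, and stored members whose body begins with MZ. The header layout follows the published ARJ format (0xEA60 header id, basic header, CRC-32, extended headers ended by a zero size, then the member body). The in-memory sample archive, the executable-extension list and the document-lookalike regex are constructed assumptions for illustration, not data from the page.

```python
import re
import struct
import zlib

ARJ_HEADER_ID = b"\x60\xea"        # 0xEA60 little-endian, starts every ARJ header
MAIN_HEADER_TYPE = 2               # file_type value of the archive's main header
GARBLED_FLAG = 0x01                # arj_flags bit: member is password-protected
FIXED_HEADER_SIZE = 30             # first_hdr_size without ARJ 2.62 extra data
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "dll", "lnk"}
# Heuristic (an assumption, not part of ARJ): "Invoice_xls.arj" mimics a document.
DOC_LOOKALIKE = re.compile(r"[._-](xls|xlsx|doc|docx|pdf|ppt|pptx)\.arj$", re.I)


def _unpack(fmt, data, pos):
    """struct.unpack_from that reports a truncated archive as ValueError."""
    if pos + struct.calcsize(fmt) > len(data):
        raise ValueError("archive truncated at offset %d" % pos)
    return struct.unpack_from(fmt, data, pos)


def _read_header(data, pos):
    """Parse the header at pos -> (dict, next offset); (None, offset) at end-of-archive."""
    if data[pos:pos + 2] != ARJ_HEADER_ID:
        raise ValueError("no ARJ header id at offset %d" % pos)
    (basic_size,) = _unpack("<H", data, pos + 2)
    if basic_size == 0:
        return None, pos + 4
    body = data[pos + 4:pos + 4 + basic_size]
    (crc,) = _unpack("<I", data, pos + 4 + basic_size)
    if zlib.crc32(body) != crc:
        raise ValueError("basic header CRC mismatch at offset %d" % pos)
    first_hdr_size = body[0]
    if first_hdr_size < FIXED_HEADER_SIZE or first_hdr_size + 2 > basic_size:
        raise ValueError("implausible first_hdr_size %d" % first_hdr_size)
    # Fixed part: version, min version, host OS, flags, method, file type, reserved,
    # timestamp, compressed size, original size, CRC-32, filespec pos, mode, host data.
    (_v, _m, _o, flags, method, ftype, _r, _t, csize, osize, fcrc, _s, _a, _h) = \
        struct.unpack_from("<BBBBBBBIIIIHHH", body, 1)
    name = body[first_hdr_size:].split(b"\x00")[0].decode("cp437", "replace")
    pos += 4 + basic_size + 4
    while True:                                    # extended headers; size 0 ends the list
        (ext_size,) = _unpack("<H", data, pos)
        pos += 2
        if ext_size == 0:
            return dict(name=name, flags=flags, method=method, file_type=ftype,
                        compressed_size=csize, original_size=osize, crc=fcrc), pos
        pos += ext_size + 4                        # extended header payload + its CRC-32


def list_arj(data):
    """Member headers of an ARJ archive, read without decompressing anything."""
    main, pos = _read_header(data, 0)
    if main is None or main["file_type"] != MAIN_HEADER_TYPE:
        raise ValueError("first header is not an ARJ main header")
    members = []
    while True:
        hdr, pos = _read_header(data, pos)
        if hdr is None:
            return members
        if pos + hdr["compressed_size"] > len(data):
            raise ValueError("member %r runs past the end of the archive" % hdr["name"])
        hdr["data_offset"] = pos
        members.append(hdr)
        pos += hdr["compressed_size"]              # skip the member body


def triage_attachment(filename, data):
    """Findings for an ARJ attachment; an empty list means nothing looked odd."""
    findings = []
    if DOC_LOOKALIKE.search(filename):
        findings.append("container name mimics a document extension: %s" % filename)
    for m in list_arj(data):
        ext = m["name"].rsplit(".", 1)[-1].lower() if "." in m["name"] else ""
        if ext in EXECUTABLE_EXTS:
            findings.append("executable member: %s (%d bytes, method %d)"
                            % (m["name"], m["original_size"], m["method"]))
        if m["flags"] & GARBLED_FLAG:
            findings.append("password-protected member: %s" % m["name"])
        if m["method"] == 0 and data[m["data_offset"]:m["data_offset"] + 2] == b"MZ":
            findings.append("stored member starts with MZ (Windows PE): %s" % m["name"])
    return findings


def build_stored_arj(members, archive_name="sample.arj"):
    """Constructed test helper: a minimal method-0 (stored) ARJ archive."""
    def block(fixed, name):
        body = fixed + name.encode("cp437") + b"\x00\x00"   # name + empty comment
        return (ARJ_HEADER_ID + struct.pack("<H", len(body)) + body
                + struct.pack("<I", zlib.crc32(body)) + struct.pack("<H", 0))
    fmt = "<BBBBBBBBIIIIHHH"
    out = block(struct.pack(fmt, FIXED_HEADER_SIZE, 11, 1, 0, 0, 2, MAIN_HEADER_TYPE,
                            0, 0, 0, 0, 0, 0, 0, 0), archive_name)
    for name, payload in members:
        out += block(struct.pack(fmt, FIXED_HEADER_SIZE, 11, 1, 0, 0, 0, 0, 0, 0,
                                 len(payload), len(payload), zlib.crc32(payload),
                                 0, 0x20, 0), name) + payload
    return out + ARJ_HEADER_ID + struct.pack("<H", 0)


# Constructed stand-in for the page's attachment: same names, body is only an MZ stub.
SAMPLE_NAME = "Proforma Invoice_xls.arj"
SAMPLE_ARJ = build_stored_arj([("Proforma Invoice_.scr", b"MZ" + b"\x90" * 62 + b"PE\x00\x00")])
```

Real malspam archives are compressed (method 1 to 4), so the MZ check only fires on stored members; the header walk, the extension check and the garbled-flag check work either way, and a truncated or non-ARJ file (for example something that really is RAR despite an .arj name) raises ValueError instead of being silently listed. On a captured attachment, call triage_attachment(name, open(path, "rb").read()).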

Intelligence

File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-21 08:18:02 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam → ModiLoader → arj 40d14d3d6b0704f1dac668a1a8aa9d1054628f5b198a2bc1b43107ff481fcc17 (this sample) → Dropping: ModiLoader

Delivery method: Distributed via e-mail attachment

Comments