MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 423bfc26148d97985680739d2b43311d7f234680c244b8af60c224b3d3719857. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 7



SHA256 hash: 423bfc26148d97985680739d2b43311d7f234680c244b8af60c224b3d3719857
SHA3-384 hash: e769810291b132dd06247fac8035656601b72951768cefcc81a0ba48d42d92734a7446bde4d1716922e35455ec33da28
SHA1 hash: 8df61e5bb6d16d3dd890826dc10e4f353e621742
MD5 hash: 71f242787c36a22b28507654d25b4f7e
humanhash: double-london-asparagus-hamper
File name: 71f242787c36a22b28507654d25b4f7e.exe
Signature: ModiLoader
File size: 965'120 bytes
First seen: 2020-10-08 17:50:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f918ce4c02b222f66cc7aa2c3be8a168 (4 x ModiLoader)
ssdeep: 12288:vKbIaBg0N87tcWa4WGEb7OVPso/BZm5gCiOsHMNTr3bJEYOcg+L:vIG97KZGOsKOMh3bJ1
Threatray: 9 similar samples on MalwareBazaar
TLSH: C8256D22A1D14C33C5F31A789D1BD398992EBD213D3AA9452BF22D4C7F35261793E293
Reporter: abuse_ch
Tags: exe ModiLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 117
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour:
    Sending a UDP request
    Creating a window
    DNS request
    Connection attempt
    Launching the default Windows debugger (dwwin.exe)

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 68 / 100
Signature:
    Antivirus detection for URL or domain
    Machine Learning detection for sample
    Multi AV Scanner detection for domain / URL
    Multi AV Scanner detection for submitted file
Behaviour: behavior graph (not captured)

Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-08 17:52:08 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
    Suspicious behavior: EnumeratesProcesses
    Suspicious use of AdjustPrivilegeToken
    Suspicious use of WriteProcessMemory
    Program crash
Unpacked files:
    SHA256 hash: 423bfc26148d97985680739d2b43311d7f234680c244b8af60c224b3d3719857
    MD5 hash: 71f242787c36a22b28507654d25b4f7e
    SHA1 hash: 8df61e5bb6d16d3dd890826dc10e4f353e621742
    Detections: win_dbatloader_auto

    SHA256 hash: 8d01c3cf15ac1b585c4348f4ca1b7ae7d3a0128b4361bfb99663ef7b76d120c3
    MD5 hash: ba0f1a3fcab73d428d0ae20abbdad046
    SHA1 hash: 076f0219e3322875595a1e7c5857162f4155e375
    Detections: win_dbatloader_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: win_dbatloader_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
ModiLoader
Executable exe 423bfc26148d97985680739d2b43311d7f234680c244b8af60c224b3d3719857 (this sample)

Delivery method: Distributed via web download

Comments