MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f
SHA3-384 hash:	d92cd3f3019c45754350355cf1046a7c4b08bf25261d40a20b90f6e9333d0860a5d4bc6723f596ff7bbc7f58521ad5bb
SHA1 hash:	fc1a245c5edd9e3dc3f140c744017464cefeb70b
MD5 hash:	e19a67563628389a2e10b449744c1547
humanhash:	vermont-autumn-oregon-yankee
File name:	e19a67563628389a2e10b449744c1547.exe
Download:	download sample
Signature	ModiLoader Create hunting rule
File size:	1'131'008 bytes
First seen:	2020-12-20 07:48:47 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	085c680fa17827e76983c3f01eab8944 (2 x ModiLoader)
ssdeep	12288:B3rlSDt3RDBWN9MGVIMbLc7qH0MIHUhZyc6wh4dU0td/08fVez+A/dk60xaO0ZHK:dxyRDBWN9oMbLJUMmUf7utdGzWcRNY
Threatray	7 similar samples on MalwareBazaar
TLSH	C035CF626E61403BE1450D30CA4943697DD4BF21EE2458C2ABB5FD0C9F3DB81B67F2A6
Reporter	abuse_ch
Tags:	exe ModiLoader

Intelligence

File Origin

# of uploads :

1

# of downloads :

212

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

e19a67563628389a2e10b449744c1547.exe

Verdict:

No threats detected

Analysis date:

2020-12-20 07:50:00 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/8e66a160-1b2d-4fe5-a1e1-e3f22439996b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/108586/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.45077742.2746.22401.UNOFFICIAL

SecuriteInfo.com.Trojan.GenericKD.45076240.112.15039.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

DNS request

Connection attempt

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/566931

Signature

Contains functionality to detect sleep reduction / modifications

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f/

Threat name:

Win32.Infostealer.Fareit

Status:

Malicious

First seen:

2020-12-20 02:31:00 UTC

AV detection:

15 of 29 (51.72%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

016fa792f8385aa4279c96be727537b054dc89e5f58d1b90f271e37c8cad9c00

21c88bab09fd103fd1479524503789677b0a7822eb10468c20b4fba58a952490

2fae63ecad98534d04e71d0d1860be965367fad16462d7c302b5e7c296e96cf9

549de81621fd5e577a164009e14fe791e2099b1a985fe37739801fdf156800b8

8636e1019ae81fce7647c4f1804bea7924d8dadeac118926e4836f19226fbe32

b4db045a825affb493b9ecf2155047996fe2dd6f85db26a79070c7fd78fa60e9

e7886a202e776ec7cea4d8bccb65c2aefad54a1e0221493168f44457dc2a94cd

Result

Malware family:

modiloader

Score:

10/10

Tags:

family:modiloader trojan

Link:

https://tria.ge/reports/201220-qb947t5cex/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

ModiLoader First Stage

ModiLoader, DBatLoader

Unpacked files

SH256 hash:

47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f

MD5 hash:

e19a67563628389a2e10b449744c1547

SHA1 hash:

fc1a245c5edd9e3dc3f140c744017464cefeb70b

Link:

https://www.unpac.me/results/8ef267e0-e047-4b45-8a16-9bd208eddee4/

SH256 hash:

24832828270020653963e0a26d82a397ef31afd7710e0868142daa48eae49d22

MD5 hash:

a3c026f774e155daee32d631b1822505

SHA1 hash:

5d1618089f4219946b4696e648605817788926e7

Link:

https://www.unpac.me/results/8ef267e0-e047-4b45-8a16-9bd208eddee4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/898668/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/108586/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample