MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49af1eb21d42899eea8a4384e4dee2bb5eec81803e9ee64591eeb60416f9be56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 4



SHA256 hash: 49af1eb21d42899eea8a4384e4dee2bb5eec81803e9ee64591eeb60416f9be56
SHA3-384 hash: d5294b2d2c7f6766962a9ce1e4fab43f2c3ea1fc7260a8de85b7a52288041f461ebbcbab318f0fe04280a9b1c6216857
SHA1 hash: 343e69ecbef23111b27092c44cd2d52cf6151c41
MD5 hash: 6868d4a97fa709a20cb920f19a0a8991
humanhash: alanine-shade-pizza-skylark
File name: Yeni alış sifarişi siyah.zip
Signature: ModiLoader
File size: 1'119'683 bytes
First seen: 2020-07-29 11:37:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:VA7ZeBS1vCq+9lVoqISmbQN0K/B7rV2XWIi7gUYtZYgsYK2DDT:VvBcCq+ZrISm0NNB7wmTEUYnYgsaj
TLSH: 7F3533A899B678581D60E4621BD21D2F5FD0D876F58DC2B341AC8FEC683050EC6D98BF
Reporter: abuse_ch
Tags: AZE geo ModiLoader zip


abuse_ch
Malspam distributing ModiLoader:

From: Tamraz Hamidov <tamraz@aircargo.az>
Subject: Re: yeni alış sifarişi
Attachment: Yeni alış sifarişi siyah.zip (contains "Yeni alış sifarişi siyah.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-29 11:39:07 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip 49af1eb21d42899eea8a4384e4dee2bb5eec81803e9ee64591eeb60416f9be56 (this sample)

Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
