MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5adcf46e12caa054b87db64183e494df6e9f518d3da1f91c879fdc50469ddcc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 3



SHA256 hash: 5adcf46e12caa054b87db64183e494df6e9f518d3da1f91c879fdc50469ddcc5
SHA3-384 hash: bf383f9f3eb9ef01d40693b4a58a0dedcafd1c821658725766b7a3764599851ac328f452076e4f126d02c5b6a433dfbd
SHA1 hash: 1fe5c4b7ecfcf8f5005e8de07e62a27e6b11ad3e
MD5 hash: 4eda4b66865712828ee615c15619c861
humanhash: december-california-glucose-green
File name: DHL PARCEL INFORMATION.zip
Signature: ModiLoader
File size: 585'075 bytes
First seen: 2020-11-05 09:13:32 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Gf65Lvwzez8EbBNZ//x6f/hClmTPjyubVeyOngsvncISYC3V0uVxb3:GiVvwbwX//MYORePEIlCFb3
TLSH: B6C423D1EB23855FAA552DB9FBB0B920723344BC57EDE59A820F82ED4D46C061B443CE
Reporter: abuse_ch
Tags: DHL ModiLoader zip


abuse_ch
Malspam distributing ModiLoader:

HELO: vepo.donoralpha.com
Sending IP: 111.118.214.86
From: Express-dhl <express@dhl.com>
Reply-To: dhlexprexx@protonmail.com
Subject: DHL Express service
Attachment: DHL PARCEL INFORMATION.zip (contains "DHL PARCEL INFORMATION.SCR")

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-11-04 23:35:42 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  ModiLoader
    zip 5adcf46e12caa054b87db64183e494df6e9f518d3da1f91c879fdc50469ddcc5 (this sample)
      Dropping: ModiLoader

Delivery method: Distributed via e-mail attachment

Comments