MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 69a218fceba737bcd30936ae7e3404544c9976c0db63be7ad2c7e950677a9e16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
ModiLoader
Vendor detections: 6
| SHA256 hash: | 69a218fceba737bcd30936ae7e3404544c9976c0db63be7ad2c7e950677a9e16 |
|---|---|
| SHA3-384 hash: | 28f8fd8b8b7ef40a7eb11ffe469d52e99c7fbf7915c29435c42608a1972e99726976070c2206e925edbbb4b421568405 |
| SHA1 hash: | 1d949b217740b1cef3a36d66d21ba95aca3eda7e |
| MD5 hash: | 9a034dbfc1a0c1aeecfb5ab93c4d743c |
| humanhash: | uranus-hamper-carbon-echo |
| File name: | HSBC-00419.exe |
| Download: | download sample |
| Signature | ModiLoader |
| File size: | 638'976 bytes |
| First seen: | 2020-10-16 12:57:51 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | af00c2cd3e1abe86ddbb239e27958d26 (6 x ModiLoader, 3 x RemcosRAT, 1 x Formbook) |
| ssdeep | 12288:cEu6Ai+3QzSx++O8AySJxv/EJIy3m8A71UzFvCM2T4F1smtv1mHRm4DhKte1NDGB:a6pexT1YJS8xZzet0mtNr9 |
| TLSH | 60D48E62F2D1C837C373257D9C1B96B49825BD5D2F2568763AE83D8C6F393823429293 |
| Reporter |  abuse_ch |
| Tags: | exe geo HSBC MKD ModiLoader |
abuse_ch
Malspam distributing unidentified malware:From: Komercijalna banka Skopje <account@ptssyndicate.com>
Subject: Известување за дојдовна исплата
Attachment: HSBC-00419.iso (contains "HSBC-00419.exe")
Intelligence
File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Clean
Maliciousness:
Behaviour
Sending a UDP request
Creating a window
DNS request
Sending a custom TCP request
Creating a file
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Signature
A
b
c
d
e
f
i
l
M
n
o
r
S
t
u
V
Behaviour
Behavior Graph:
Threat name:
Win32.Infostealer.Fareit
Status:
Malicious
First seen:
2020-10-16 10:23:18 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
suspicious
Result
Malware family:
modiloader
Score:
10/10
Tags:
trojan family:modiloader
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
ModiLoader First Stage
ModiLoader, DBatLoader
Unpacked files
SH256 hash:
69a218fceba737bcd30936ae7e3404544c9976c0db63be7ad2c7e950677a9e16
MD5 hash:
9a034dbfc1a0c1aeecfb5ab93c4d743c
SHA1 hash:
1d949b217740b1cef3a36d66d21ba95aca3eda7e
SH256 hash:
47bff2bc3be730be8c26ebad756a1534c7e6a2065f453f47863ea776bd8badcd
MD5 hash:
5a5fa19fbd7e6acc904f44c8b50b8f57
SHA1 hash:
2a793ba29f594cb182434c14dc720267041636d4
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.