MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6eddee04fd3f715201359b14b2ac4c017b5c68d3059ce8cd306761fc4ee754fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6eddee04fd3f715201359b14b2ac4c017b5c68d3059ce8cd306761fc4ee754fe
SHA3-384 hash: 3e7ca2e2f0ff90d8ca100d950f2f62c9501e75506865007a58844f7b4f27c963056e8b1c8b9d9e90d3616915495a2e64
SHA1 hash: 99a076ea818bb67e0ed807a2cf98ad94dcf475fe
MD5 hash: bb13661b40460a40347e83697d765677
humanhash: red-uranus-cardinal-sixteen
File name:bb13661b40460a40347e83697d765677.exe
Download: download sample
Signature ModiLoader
Create hunting rule
File size:823'488 bytes
First seen:2020-12-15 17:38:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d25e5d259e7f6716a4e00d81c9e32354 (4 x ModiLoader, 2 x ISRStealer, 1 x Formbook)
ssdeep 12288:mg83oBuqmVFmaoZ9cK6OxHiCjFzQZm9QIPmcadX2IGVp5Y/mT:mgWJ0NZlxr1WK6o
Threatray 14 similar samples on MalwareBazaar
TLSH 30056C62B25144F6C07216389D0B96A498E5BE3039349D872AF96D4CBEFF3A07D1DD83
Reporter abuse_ch
Tags:exe ModiLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
bb13661b40460a40347e83697d765677.exe
Verdict:
Suspicious activity
Analysis date:
2020-12-15 18:04:28 UTC
Tags:
installer
Link:
https://app.any.run/tasks/f9f8a5ec-6938-40fb-93a4-16559fa72e45

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/108208/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Variant.Bulz.268345.26888.19011.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/563600
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6eddee04fd3f715201359b14b2ac4c017b5c68d3059ce8cd306761fc4ee754fe/
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-12-15 12:12:08 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=n3o64bh5h5yveajvtmklflcmaf5vy2gtawoortjqm5q7ytxhkt7a._file
Verdict:
malicious
Similar samples:
35b67e1c875487d5d0f15b03a1fd37cfe1396d13ff47440ef7f18402f1b7131e
ModiLoader
556eb256ac26f32787bf8d8b54980b1ba50b93b3736683e59b26398a1f42820f
ModiLoader
560b21baf75fc1d5dc078db85a05ee04232eb4d0123d6ce01d964ecec7d6459e
ModiLoader
5c755513f6bb355adb6e71b9970361b71191b987dbfa53a1fa4b79651b75fe15
ModiLoader
6949bcc511a2d28107608c295401bf29732355c3ab2bf2b451fdbe652938c3b9
ModiLoader
b4711ee19363ec125911ae1356714720a9d9b463848b1044d08d56977cb960db
ModiLoader
b650350fb7bdd840c9cc16502e902983d7fb5faf00ed6f60ef8439a6ccd4e33c
ModiLoader
f8256bf4c71a315eb73feee981a5f9220dfb7196476d180b5375eb40bfbfc5b0
ModiLoader
fbde44031b8acd00f624403184405b3fcf572c220c321ec82c29e7f9c3cbc233
ModiLoader
ff30b5d93f9eb3ec64ac203f9caafd54dd31677549a3aa484eb71db513fe8040
ModiLoader
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201215-fcz9f5vras/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
f670327031fea219b14cacb0874c92a24db2016f8da175093063e472c3e8cbf6
MD5 hash:
d935ff4781629f575828309fdfd10c33
SHA1 hash:
869059ed44576a9caef56538f199152b79c4e2a1
Detections:
win_dbatloader_g0
Create hunting rule
Link:
https://www.unpac.me/results/09e136d4-d7dc-4ce2-9091-dc2739a0d096/
Parent samples :
00ae65a6a1579c78baf89a99da5acabd1d5c1fb1c5e8a25f5225c46b65761240
718ff9580d5cae07b3b8df0372dc9c554e5c72b55a28e68f306c47d57ac72082
5cdf035217d5c312f4c3f66b4074c9c7abd9b710c0ae1b03ec2879f3657db096
b4711ee19363ec125911ae1356714720a9d9b463848b1044d08d56977cb960db
8ede03b20c5b4ef52e213ef63d0470ed9a71caa0435a0a4bb4a6b95903cfdd76
f13d529ca2630de2bbd314359f7ac92d83acb76ff80dc169990634c1ad929b0b
556eb256ac26f32787bf8d8b54980b1ba50b93b3736683e59b26398a1f42820f
6eddee04fd3f715201359b14b2ac4c017b5c68d3059ce8cd306761fc4ee754fe
SH256 hash:
6eddee04fd3f715201359b14b2ac4c017b5c68d3059ce8cd306761fc4ee754fe
MD5 hash:
bb13661b40460a40347e83697d765677
SHA1 hash:
99a076ea818bb67e0ed807a2cf98ad94dcf475fe
Link:
https://www.unpac.me/results/09e136d4-d7dc-4ce2-9091-dc2739a0d096/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/6eddee04fd3f715201359b14b2ac4c017b5c68d3059ce8cd306761fc4ee754fe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ModiLoader

Executable exe 6eddee04fd3f715201359b14b2ac4c017b5c68d3059ce8cd306761fc4ee754fe

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/898216/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/108208/

Comments