MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7046b54608f13e06a2d778a00d1b21fa6949ff2084b9460dcc930683d23c59a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	7046b54608f13e06a2d778a00d1b21fa6949ff2084b9460dcc930683d23c59a0
SHA3-384 hash:	bf8eebe5d0ee950fd24dcf1bf42ba3529241c98856a0c6b0319bddb147db763bdeeb5d63624977b58b2750c7043c9313
SHA1 hash:	2725e65d76d5d30b7d64570333c688a880cf43dc
MD5 hash:	8b164c9bed389d664caa218ba2914b36
humanhash:	alpha-hydrogen-michigan-sodium
File name:	NEW PO 20001578.xz
Download:	download sample
Signature	ModiLoader Create hunting rule
File size:	493'887 bytes
First seen:	2020-10-28 08:55:24 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:NbTq5dgAKvTakng0q0Ew01RsA1TnNAbqNJk3zN:Nbm7sXg3wMs0Tnn6zN
TLSH	D9B423389157DBD0DE0AD7587EEF4871C1AB1E5EC3E9EF1789BC1B00F8630A892A0951
Reporter	abuse_ch
Tags:	ModiLoader xz

abuse_ch

Malspam distributing ModiLoader:

HELO: box.mcielectronics.cl
Sending IP: 104.237.156.161
From: Majdi Njadat<m-njadat@petra-eng.com.jo>
Subject: NEW PO # 20001578
Attachment: NEW PO 20001578.xz (contains "NEW PO # 20001578.exe")