MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71f3e1ab9c0f022ac4c167a75b257d393c323c61037a476c1179e84cfba94589. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 4



SHA256 hash: 71f3e1ab9c0f022ac4c167a75b257d393c323c61037a476c1179e84cfba94589
SHA3-384 hash: 1c7db00f412d31d5781c365298d0356d9dfeb194af8911492eb423c7a92ed69fec6d20f2aab6ee1126ad58ab5b5d2781
SHA1 hash: 2e76f10972c266bdb5257c76471ae26c0bfe1776
MD5 hash: c000292638b7fc8147f364091bf6c728
humanhash: kitten-zulu-alabama-gee
File name: RFQ-0021590.gz
Signature: ModiLoader
File size: 560'809 bytes
First seen: 2020-08-05 11:52:49 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:L1u+wnzooC8sUcvlG0cQfv1vMIvFzAgOFTeyq/Fjd:L1jPt80cYlv2gOFTeyqJd
TLSH: C7C4233D237DDF8C17FB2013590A646DE5496D8A0A29DDD5788BBBEC8D1EA86C12483C
Reporter: abuse_ch
Tags: gz Hetzner ModiLoader


abuse_ch
Malspam distributing ModiLoader:

HELO: static.33.46.181.135.clients.your-server.de
Sending IP: 135.181.46.33
From: Nikki Ramil <thassab@tm.net.my>
Subject: REQUEST FOR QUOTATION
Attachment: RFQ-0021590.gz (contains "RFQ-0021590.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Delf
Status: Malicious
First seen: 2020-08-05 11:54:09 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

gz 71f3e1ab9c0f022ac4c167a75b257d393c323c61037a476c1179e84cfba94589 (this sample)

Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment

Comments