MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7250126a17d370bbd6eadb679d1678b0760e40f984fe9237d3dda0c4bacf5d79. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7250126a17d370bbd6eadb679d1678b0760e40f984fe9237d3dda0c4bacf5d79
SHA3-384 hash: 9f9a46cd5d52b78eb53a46103da4302f17528269131e26fd58ab5de159c857ece2496f57194cedcbac487fa81ce1d166
SHA1 hash: db7fec66b2081e3edb44c05b43240535d2b387aa
MD5 hash: 3d51d8808eb1edc800c0a7057ea88930
humanhash: golf-seventeen-california-eight
File name:RFQ Valves 664KU.cab
Download: download sample
Signature ModiLoader
Create hunting rule
File size:466'749 bytes
First seen:2020-12-17 08:47:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:QXjfSmwP80coGTG7nGP1yAi3XrUVUbaWi:QXjfg80OTG7nGP8x3byGS
TLSH EDA42345DDB0F0CC318632EE6505810D6AE9DA5407C6DAE883BFF9148717A539AEEC2F
Reporter abuse_ch
Tags:cab ModiLoader


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: mail.esteem.com.my
Sending IP: 124.217.245.59
From: Tariq M.Sulaiman <gm@tmbiraq.com>
Subject: REQUEST FOR VALVES 664KU
Attachment: RFQ Valves 664KU.cab (contains "RFQ Valves 664KU.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
132
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.DrodRar-AIC.7670.16347.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7250126a17d370bbd6eadb679d1678b0760e40f984fe9237d3dda0c4bacf5d79/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-12-17 08:48:06 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ojibe2qx2nylxvxk3ntz2ftywb3a4qhzqt7jen6t3wqmjowplv4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7250126a17d370bbd6eadb679d1678b0760e40f984fe9237d3dda0c4bacf5d79

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

rar 7250126a17d370bbd6eadb679d1678b0760e40f984fe9237d3dda0c4bacf5d79

(this sample)

ModiLoader

Executable exe 016fa792f8385aa4279c96be727537b054dc89e5f58d1b90f271e37c8cad9c00

  
Dropping
MD5 3352c3dec270a79c54d41ba24ed4d40a
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 016fa792f8385aa4279c96be727537b054dc89e5f58d1b90f271e37c8cad9c00

Comments