MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a7a73d7642bccd06be09f9331a0b955dd735390a03d6a4499adb9a1c371c60d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 3



SHA256 hash: 7a7a73d7642bccd06be09f9331a0b955dd735390a03d6a4499adb9a1c371c60d
SHA3-384 hash: 9e9c8480b4441d7498c39f993473eec632b9c8e1db29459600fac08096073f191387c3530139d3d0f1ced811107758c3
SHA1 hash: fa50494207b5b5491dbd4eb5d9fd173be8d16571
MD5 hash: d5e1c74dd2fb6b4e73debfa75c1ffe2d
humanhash: winter-wyoming-thirteen-golf
File name: Scan_17-08-2020 AFSLC INV0002932.r00
Signature: ModiLoader
File size: 335'794 bytes
First seen: 2020-08-17 13:55:50 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:6je8LrLDy54M2LJzTbOl/QnD0ns5ef4hvXji75nufccqhzpiXW94rM43VBy:6je8LrLDyB2Z0YD0naMYcZhzpic4rMgi
TLSH: 1264238EB2692CC7C1D7EF8CA5D3BE34D037EE2A7419796932C91643F64488074B7869
Reporter: abuse_ch
Tags: ModiLoader, r00


abuse_ch
Malspam distributing ModiLoader:

HELO: eeac.ae
Sending IP: 104.129.2.91
From: "SHAKIR PARKAR" <s.finance@eeac.ae>
Subject: CHARTER INVOICES FOR FLIGHT DATE 14-AUG-2020
Attachment: Scan_17-08-2020 AFSLC INV0002932.r00 (contains "Scan_17-08-2020 AFSLC INV#0002932.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.AveMaria
Status: Malicious
First seen: 2020-08-17 05:22:13 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

r00 7a7a73d7642bccd06be09f9331a0b955dd735390a03d6a4499adb9a1c371c60d

(this sample)

  
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
