MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ce7b76587ef2eeeeb1903f19017d0140597a65b0a020524b5caf930acd4978e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 4



SHA256 hash: 7ce7b76587ef2eeeeb1903f19017d0140597a65b0a020524b5caf930acd4978e
SHA3-384 hash: 473f9d6b8c5fa99f1c6b8c07509d8c434c09b620b34e147e0f01ee95b826adb3510ce61e4a62b75397ac30d714ada8ee
SHA1 hash: 103bad8dd04db93b0f758f38421b4bbf4a73b443
MD5 hash: 6e51f7f7264da47777eb035512ab1b55
humanhash: triple-fifteen-fish-sweet
File name: PO0007507_009389283882873PDF.iso
Signature: ModiLoader
File size: 1'089'536 bytes
First seen: 2020-11-19 07:05:30 UTC
Last seen: 2020-11-19 12:08:36 UTC
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:fe6zEOgbfWqUragK5TZxUScffBxsqPerMmzZC3N4Sr5RPEwdCkEC3NKbemaF8ONT:fe6IfW32nURxsqPerMmzZC3N4Sr5RPEO
TLSH: 87359E12B7A28C77C1D6063DAF4B93641426BE72296C55073FEC2A4D0B392412FDEE97
Reporter: abuse_ch
Tags: iso, ModiLoader


abuse_ch
Malspam distributing ModiLoader:

HELO: smtp4
Sending IP: 52.252.101.133
From: MAMS TRADING LLC - AA Turki Group <treybd@gmail.com>
Subject: Trade Inquiry from Saudi Arabia
Attachment: PO0007507_009389283882873PDF.iso (contains "PO#0007507_009389283882873PDF.exe")

Intelligence


File Origin
# of uploads: 3
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-11-19 06:44:38 UTC
File Type: Binary (Archive)
Extracted files: 54
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

iso 7ce7b76587ef2eeeeb1903f19017d0140597a65b0a020524b5caf930acd4978e (this sample)

Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
