MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 804ec4bbfb8db19d04fdcc27857e14b368f83ed892cebbbbff9d92bb843fe476. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 4



SHA256 hash: 804ec4bbfb8db19d04fdcc27857e14b368f83ed892cebbbbff9d92bb843fe476
SHA3-384 hash: 712cd1ee9302230fe250523865db6a99cd15136cffa85085389e518056899577992da2fb2bd4b31b2f5050ac27b3f65b
SHA1 hash: 854939b433083d3852f9eb683cb376f2f5085dbd
MD5 hash: 5cae9e7a03d9e55f2cb1632da48700b0
humanhash: venus-foxtrot-colorado-illinois
File name: 07-20-2020_06-59-10-PM.zip
Signature: ModiLoader
File size: 1'216'838 bytes
First seen: 2020-08-17 13:59:44 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:KA5FyAJIQ/oYJ7oIbH7bszL8AFnHsO2Hh+jul2Bzl7ps7WE:5dIQ/oA7pH7bszL8AVu+ul2BzllE
TLSH: F54533D20EB519067B88E9B447AF1D1F7BF6E8BFE486AD0DDD256794002552F03C38A2
Reporter: abuse_ch
Tags: ModiLoader zip


abuse_ch
Malspam distributing ModiLoader:

HELO: tur2.hipotenus.com
Sending IP: 213.159.30.161
From: amr.hussein <Limitedsidco@suhuf.net.sa>
Subject: AW: An-200580
Attachment: 07-20-2020_06-59-10-PM.zip (contains "offer order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-17 14:01:36 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip 804ec4bbfb8db19d04fdcc27857e14b368f83ed892cebbbbff9d92bb843fe476 (this sample)

  
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
