MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88207a32009ece885449dc402d5a82666bcd7cf5909f39d4da7fa969a91b8c65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 4



SHA256 hash: 88207a32009ece885449dc402d5a82666bcd7cf5909f39d4da7fa969a91b8c65
SHA3-384 hash: 92e73fe16cdb060025a4432f2becd227178272aeada49f0a4934bf83cc0c7f6811396db1174d5a66756ce8f639863629
SHA1 hash: fe882b9375b020bc872ee1b7a8d456237fbebfd2
MD5 hash: c484cd40ba4100f9e28328b4e54c9218
humanhash: east-batman-sodium-emma
File name: ups_attachment.iso
Signature: ModiLoader
File size: 1'638'400 bytes
First seen: 2020-10-13 17:43:12 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:Vjo1Kn74XfBU8Rup5qmz5zd9QkuoNcAOQ9GeUH1m:V0s70fBUdLqM5ck7NcR7
TLSH: 3D75AFF2F2914437D1371A788C1BA3B9693A7E132E2C9886BBF81D485F356417C39297
Reporter: abuse_ch
Tags: iso ModiLoader UPS


abuse_ch
Malspam distributing ModiLoader:

HELO: pensive-goldstine.52-177-9-70.plesk.page
Sending IP: 52.177.9.70
From: "UPS Customer Service" <customer@ups.com>
Subject: UPS - Pending delivery
Attachment: ups_attachment.iso (contains "Nzulmlu_Signed_.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-10-13 14:45:56 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

iso 88207a32009ece885449dc402d5a82666bcd7cf5909f39d4da7fa969a91b8c65 (this sample)
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
