MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 905d1b10089c967c17b49aa82b67ffea3c9040aad1668a0cec5a3e7a616564fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 3



SHA256 hash: 905d1b10089c967c17b49aa82b67ffea3c9040aad1668a0cec5a3e7a616564fd
SHA3-384 hash: d521e44f15db29a5f65f050c2dfbca404da52aafeff0fa6346a2c6b7579ca42875ac18ab08a75a259f364e698ee35029
SHA1 hash: c017c03af19d61ff5d0436d7f21b8fe1c33ad8de
MD5 hash: 5e50a3c50960707b854c8d1c007a3ec1
humanhash: red-six-lemon-kansas
File name: TT Copy_pdf.arj
Signature: ModiLoader
File size: 353'927 bytes
First seen: 2020-10-19 18:16:12 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:jqXF1csKbVXrefgh6yT/b1SD7OCTgb4+ED2mFHVAr1v534GTSmd28x3blZhd:2XF1RU/6CDEXOCTgbytFHV0h355Tx3b/
TLSH: B57423B59A4A205EC57FF040C4B257F41E5FBB443A3B10B2E9D63241E636AEA67024CF
Reporter: abuse_ch
Tags: arj ModiLoader


abuse_ch
Malspam distributing ModiLoader:

HELO: jac0.lensing-promotion.com
Sending IP: 94.140.115.229
From: Nishan <services@g1economia.com>
Subject: Acknowldge TT Copy
Attachment: TT Copy_pdf.arj (contains "Szfrvnj.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-19 13:15:45 UTC
AV detection: 16 of 26 (61.54%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

arj 905d1b10089c967c17b49aa82b67ffea3c9040aad1668a0cec5a3e7a616564fd

(this sample)

  
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
