MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9887e8eb663c0613e4321090dbfa5c10ce4c8c1be1008f5b08d985aead68943b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 3

SHA256 hash: 9887e8eb663c0613e4321090dbfa5c10ce4c8c1be1008f5b08d985aead68943b
SHA3-384 hash: 443f5f5d95024927de93fb116f550dbc6cf696f50d7bad6c44e3fe1c238f2f1c7ec62290a3efb3b3cb5e5ee2c40043f8
SHA1 hash: d475cb5b9de6c20cf3338d6e91a21b248e36e7cd
MD5 hash: 4002ff5fd1698d6069568b3ab050d8e7
humanhash: georgia-eight-cardinal-mockingbird
File name: DHL_119040 documento de recibo,pdf.iso
Signature: ModiLoader
File size: 1'103'872 bytes
First seen: 2020-11-06 07:05:56 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:PuQSAIeXjs8BQPtd+TuaCzhnycIZTtkOFy2QSTgFRwoaQtkljsWF/sWF9H:mRMj/BQPSTuVByrthFpQSMXwoh8
TLSH: C1359FA2A680D432D09315B84D5B97FC783EBEE02D64581B3BD8DE0C5F3A781B53925B
Reporter: abuse_ch
Tags: DHL iso ModiLoader


abuse_ch
Malspam distributing ModiLoader:

HELO: mailer8.netsurf.it
Sending IP: 109.233.122.206
From: DHL Express Cargo <delivery@dhl.com>
Subject: RE: ENTREGA DE CARGA DHL
Attachment: DHL_119040 documento de recibo,pdf.iso (contains "DHL_119040 documento de recibo,pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-11-05 06:23:50 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
ModiLoader
iso 9887e8eb663c0613e4321090dbfa5c10ce4c8c1be1008f5b08d985aead68943b (this sample)
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment

Comments