MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3ad55ba5be0bed4561c753728a90f7e6b41f4eb10f9b79324aacbf2fc9c9e8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 3



SHA256 hash: a3ad55ba5be0bed4561c753728a90f7e6b41f4eb10f9b79324aacbf2fc9c9e8d
SHA3-384 hash: 8f5b4434cd874f075ad1e08ff59eef7e149ef73fd971f62eec9afba6aefb5d765140efaf188f4e7ad6cf725f280458dc
SHA1 hash: a5bedb16421291834e81ade130ce1591bb655c98
MD5 hash: 39a1f3e0232761800d83a5201b7dc698
humanhash: december-wisconsin-wisconsin-shade
File name: Payment of bank details,zip.zip
Signature: ModiLoader
File size: 493'820 bytes
First seen: 2020-10-28 08:53:38 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:HvwpQIr7NvTA1IezRO/9PrJBWDJBBDvvsAS8/bMcfH9tkqfaZLE:PwX7N7AvNO/9Pa5Dv0ASif0qfEo
TLSH: 86B4231CCF8A421943AF9F8F49274B5207A4E8B9353A76DBF1835C1EC43676C6BA2471
Reporter: abuse_ch
Tags: ModiLoader, zip


abuse_ch
Malspam distributing ModiLoader:

HELO: mail.nipponcarsrl.com.ar
Sending IP: 200.114.86.103
From: LUMIACTION CO., LTD. <info@lumibulb.com>
Subject: bank details
Attachment: Payment of bank details,zip.zip (contains "Payment of bank details,zip.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-28 05:32:28 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip a3ad55ba5be0bed4561c753728a90f7e6b41f4eb10f9b79324aacbf2fc9c9e8d (this sample)
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
