MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0f11ad53382c81e4a9339c0d79aa6033648a1e16f1e15b1fe81e328fcd3dd91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 4



SHA256 hash: b0f11ad53382c81e4a9339c0d79aa6033648a1e16f1e15b1fe81e328fcd3dd91
SHA3-384 hash: 8221615c0bfc71978e1d3bb461b3a335f32a6f076dde780d05fad4c9e72fd17b07a708998490481530fbc9378c83f7fb
SHA1 hash: 650be87c26daaf6f0599834e5b0c89377c7c1f56
MD5 hash: 7f7f7efbc1f20322e1206fdb7a9a072f
humanhash: utah-six-venus-sweet
File name: IT3(b) certificate.img
Signature: ModiLoader
File size: 1'638'400 bytes
First seen: 2020-12-09 11:03:20 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:cklbZpRNhPXNH/yLjaKuOfl80E7D/cX+2hu0a:ckhRXNNKuOt8T/2vhux
TLSH: 8A75BEE2F6D0413EF13605709D4795756828EE192E8EA84637BE2F0C0F7D6C6381B99B
Reporter: abuse_ch
Tags: img ModiLoader


abuse_ch
Malspam distributing ModiLoader:

HELO: rdns0.notifyme.website
Sending IP: 145.239.35.251
From: Standard Bank <Client.Queries@standardbank.com.na>
Subject: SBSA IT3(b) Certificate Updated
Attachment: IT3(b) certificate.img (contains "IT3(b) certificate_846392852289725282735792726639.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: IT3(b) certificate.img
Verdict: No threats detected
Analysis date: 2020-12-09 11:49:11 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result: Gathering data
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-12-09 11:04:11 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

img b0f11ad53382c81e4a9339c0d79aa6033648a1e16f1e15b1fe81e328fcd3dd91

(this sample)

  
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment

Comments