MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2a922e5e5a0a6b87c1d52f6dca6db12fa48246cf0e46d26106a88e5b5d5b475. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2a922e5e5a0a6b87c1d52f6dca6db12fa48246cf0e46d26106a88e5b5d5b475
SHA3-384 hash: e2d0ef16dde4a850d9c826b2962b74f1937707efe9222c10a4dc7b9a4a3237eedf9dd6bdbe70991500aec2f171bafb5b
SHA1 hash: a5dd7d7f2ad1332f6297b217bf52ddbc5d3b79f6
MD5 hash: acac79eeb4bb920ce340c0fe725f2b54
humanhash: may-lamp-orange-queen
File name:Q-20E122269-USD Inquiry No.201200019_doc .img
Download: download sample
Signature ModiLoader
Create hunting rule
File size:819'200 bytes
First seen:2020-12-14 14:26:27 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:74Per7j2cD2/gERzL6XeF03yKnkn3Hp2EAIFOQYN:7VKc63GkSnioEvOf
TLSH 93059E13F2904437D16716799C1B97A8AC26BE103E349D8A7BED3D0C4F3A791782A2D7
Reporter cocaman
Tags:img ModiLoader


Avatar
cocaman
Malicious email (T1566.001)
From: "Alex Tan <a.alxtan@iei.com.sg>" (likely spoofed)
Received: "from iei.com.sg (unknown [193.142.59.104]) "
Date: "14 Dec 2020 13:25:43 -0800"
Subject: "RE: Q-20E122269-USD: Inquiry No.201200019"
Attachment: "Q-20E122269-USD Inquiry No.201200019_doc .img"

Intelligence

File Origin
# of uploads :
1
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_badexts62.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Variant.Strictor.253009.11269.9482.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b2a922e5e5a0a6b87c1d52f6dca6db12fa48246cf0e46d26106a88e5b5d5b475/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-12-14 11:47:58 UTC
File Type:
Binary (Archive)
Extracted files:
100
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wkusfzpfuctlq7a5kl3nzjw3cl5eqjdm6dsg2jqqnkeolnovwr2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b2a922e5e5a0a6b87c1d52f6dca6db12fa48246cf0e46d26106a88e5b5d5b475

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

img b2a922e5e5a0a6b87c1d52f6dca6db12fa48246cf0e46d26106a88e5b5d5b475

(this sample)

ModiLoader

Executable exe 35b67e1c875487d5d0f15b03a1fd37cfe1396d13ff47440ef7f18402f1b7131e

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 35b67e1c875487d5d0f15b03a1fd37cfe1396d13ff47440ef7f18402f1b7131e

Comments