MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3aaa25577ded32ea0f2f4460bc5666cd4e83c607c7ddc725500bef96886c491. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 4



SHA256 hash: b3aaa25577ded32ea0f2f4460bc5666cd4e83c607c7ddc725500bef96886c491
SHA3-384 hash: 9dd15a612ed7bedb742825fab614caa53759194e0578da5930964af51c2db0e85ac0927771a970931c330060f9da95a6
SHA1 hash: d61085b29ff09bd7d94db8e7fdab83c2e21e5886
MD5 hash: f365401d48d844bf4df675ffc9dc4a02
humanhash: robert-ceiling-south-oven
File name: RFQ for TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).xz
Signature: ModiLoader
File size: 619'311 bytes
First seen: 2020-11-17 07:14:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 130312efe8892496180179ce46d20b79 (7 x NetWire, 2 x DarkComet, 2 x ModiLoader)
ssdeep: 12288:n3TD4DnRfwKl+kqMklwZKec0SvvYZsOAnt6HLfTFP+d6pjG:3TQuKl+kqMk30+hOAnsjhjG
Threatray: 47 similar samples on MalwareBazaar
TLSH: A3D4021226C1C032E47358319DF9DBB1A9B9B8382A71954FBB900A6DAF316D2C737753
Reporter: fabjer
Tags: archive

Intelligence


File Origin
# of uploads: 1
# of downloads: 102
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Searching for the window

Result
Gathering data

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 64 / 100
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Threat name: Win32.Spyware.AveMaria
Status: Malicious
First seen: 2020-11-17 06:11:53 UTC
AV detection: 19 of 28 (67.86%)
Threat level: 2/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Unpacked files
SHA256 hash: b3aaa25577ded32ea0f2f4460bc5666cd4e83c607c7ddc725500bef96886c491
MD5 hash: f365401d48d844bf4df675ffc9dc4a02
SHA1 hash: d61085b29ff09bd7d94db8e7fdab83c2e21e5886
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
ModiLoader
Executable exe b3aaa25577ded32ea0f2f4460bc5666cd4e83c607c7ddc725500bef96886c491 (this sample)
Delivery method: Distributed via e-mail attachment
