MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bea4888fa529faa93e9b54a7fb50fdd9e0898c908745ecbd6078089041cb6085. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bea4888fa529faa93e9b54a7fb50fdd9e0898c908745ecbd6078089041cb6085
SHA3-384 hash: 81d0b9805cc25a2f47ad58da5edcfaf8cabd0cd8e1a0ee34f616b14fa1bffeceb510cea6eeed26b419b98132ace97e3f
SHA1 hash: b61de40e0a8f7cac72268f9bc387dea24dc30cbd
MD5 hash: e090350d5e6f44c8a02bb8368a56d513
humanhash: seven-tango-undress-violet
File name:订单确认,pdf.rar
Download: download sample
Signature ModiLoader
Create hunting rule
File size:414'874 bytes
First seen:2020-10-28 08:56:32 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:PWg1IOm7wVSs7L4ocpPQ44kNRPzXrTz5rzkzIoHw:OvKpLEpkORPbrTz5rzWIoHw
TLSH 0D942343A708123573362A277BCD59BA9312F516A085326B129C931ED3B53EB37E793C
Reporter abuse_ch
Tags:ModiLoader rar


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: mail.nipponcarsrl.com.ar
Sending IP: 200.114.86.103
From: CSM Co.,LTD <csm9@nonferrous-metal.com>
Subject: RE:订单确认 CSM Co.,LTD
Attachment: 订单确认,pdf.rar (contains "订单确认,pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bea4888fa529faa93e9b54a7fb50fdd9e0898c908745ecbd6078089041cb6085/
Threat name:
Win32.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-10-28 06:08:17 UTC
AV detection:
12 of 29 (41.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x2sird5ffh5kspu3kst7wuh53hqitdeqq5c6zplapaejaqolmccq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

rar bea4888fa529faa93e9b54a7fb50fdd9e0898c908745ecbd6078089041cb6085

(this sample)

ModiLoader

Executable exe 4707d12ac7c445123243c1106f805600be99b1201ddd94e131c569d86b586bf2

  
Dropping
MD5 04cd5775e163ddc8d5d10155ed525364
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4707d12ac7c445123243c1106f805600be99b1201ddd94e131c569d86b586bf2

Comments