MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd1a53c9f41a3daeefa67599db064df376db30be1fec42033e0bc26b644e6b0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 4

SHA256 hash: cd1a53c9f41a3daeefa67599db064df376db30be1fec42033e0bc26b644e6b0e
SHA3-384 hash: 652077242b963f3412b6c1fd970d665037ea880234ce924bcf5e10cc2ffc7c2e4684cb528af73ac262f923494737031e
SHA1 hash: 4ef2c5b0bac519c8b9436908ca45b0bfb43c227b
MD5 hash: b089566ce7fecb5db46a15e86164a3d1
humanhash: december-single-monkey-stairway
File name: Documents.zip
Signature: ModiLoader
File size: 1'120'337 bytes
First seen: 2020-07-29 11:24:20 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:VvVE0k5GFB8HtcyExggQUVcPruN39gRgx+OZ/uMAgngm3gv3FXQLB:VvVE0S4BqtcZQdruNNgM+6ZwBQ
TLSH: DF3533E0C98578148682C671B31605AC4293497FC627DAFA8E17AE58A2FF43F45079FF
Reporter: abuse_ch
Tags: ModiLoader zip


abuse_ch
Malspam distributing ModiLoader:

HELO: Server631.dnslake.com
Sending IP: 185.192.112.31
From: (VIVI) mainline99@163.com <rp@sobhandarou.com>
Reply-To: rp@sobhandarou.com
Subject: Re:OUR INQ. NO. ME254-9021
Attachment: Documents.zip (contains "Osskwmk_Signed_.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-29 11:26:07 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
  ModiLoader
    zip cd1a53c9f41a3daeefa67599db064df376db30be1fec42033e0bc26b644e6b0e (this sample)
      Dropping ModiLoader

Delivery method: Distributed via e-mail attachment
