MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3077f18629465f587395b724351cf2eddb90c1a9d67af5d6e146727f857f8d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d3077f18629465f587395b724351cf2eddb90c1a9d67af5d6e146727f857f8d9
SHA3-384 hash: 726acd31d1b4d49e1b91a6c42580181d54ffe786ead0b098296e778f82bb90d8b4cb4196d3dab6b2379e41b1b19e8360
SHA1 hash: 779c51b1d068c3683419118023875cb2e9cd03bd
MD5 hash: 77850e916eeba346c6345ed04e3a8406
humanhash: stream-indigo-lion-purple
File name:Swift_28960_Ziraat_Bankasi_5A186F_IMG.xz
Download: download sample
Signature ModiLoader
Create hunting rule
File size:307'216 bytes
First seen:2020-12-28 08:00:57 UTC
Last seen:2020-12-28 13:29:41 UTC
File type: xz
MIME type:application/x-rar
ssdeep 6144:24BtbKrgkCwR54VCqyQskIYN4dtoCmcQurifIirEFuIcuN+8hossDSr:RB4rfCwJdQtIxZldiflEFuIcuBhtl
TLSH E564230F131E48C3D6909F77D06144711CA3BEB2E5957A8463880E27E58277FE9E9CAE
Reporter abuse_ch
Tags:geo ModiLoader TUR xz


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: smtp.redshift.com
Sending IP: 216.228.2.205
From: Mehmet | Ziraat Bankası <rsanchez@redshift.com>
Reply-To: Microsoft Outlook <adminupdates@opendoors.fun>
Subject: Fwd: Fwd[2]: 28,960 USD Swift Copy Bildirimi
Attachment: Swift_28960_Ziraat_Bankasi_5A186F_IMG.xz (contains "Swift_28960_Ziraat_Bankasi_5A186F_IMG.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
594
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.857.29830.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d3077f18629465f587395b724351cf2eddb90c1a9d67af5d6e146727f857f8d9/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-12-28 07:17:36 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2mdx6gdcsrs7lbzzlnzeguopf3o3sda2tvt26xlocrtsp6cx7dmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d3077f18629465f587395b724351cf2eddb90c1a9d67af5d6e146727f857f8d9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

xz d3077f18629465f587395b724351cf2eddb90c1a9d67af5d6e146727f857f8d9

(this sample)

ModiLoader

Executable exe 977f77728f1783062f8c072096f0b7535ec74f686c3e40db5dc78766edabffeb

  
Dropping
MD5 90f8e06ecc2e65ead5b980c2c05c80c2
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 977f77728f1783062f8c072096f0b7535ec74f686c3e40db5dc78766edabffeb

Comments