MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d457acded8f554d756896ab3fc61b65ec2d4f2a6a8dd26b91a9e4b95e5adbf82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d457acded8f554d756896ab3fc61b65ec2d4f2a6a8dd26b91a9e4b95e5adbf82
SHA3-384 hash: 928fa50b41a103dc810e6da48a7e6451f8d4bb4ffdfc12a7f7d5e18bf149edb84a3f1a59f2ad12cbb05df5f17864f43c
SHA1 hash: 93ec377f67eb9f81617b9255fe8ddee7cf06c92c
MD5 hash: 2420bf2f888b591205a90300d32c6d39
humanhash: hotel-kitten-oscar-dakota
File name:DHL_4422234.IMG
Download: download sample
Signature ModiLoader
Create hunting rule
File size:1'441'792 bytes
First seen:2020-10-10 07:11:47 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:0uDiCtaeLlIPFPqqDgNYN5u/g7GWDftVHa0F8Gq8wjVDsX3erBVp:TGCblI9PqqDCYN5BaWT7dwJD
TLSH 06658E32E2914437C1372A749C1B97A5AB39FF102E28AD467BF41D5C5FF9790382A293
Reporter abuse_ch
Tags:DHL img ModiLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: jovial-wilbur.52-162-254-219.plesk.page
Sending IP: 168.62.105.136
From: DHL <support@dhl.com>
Subject: Your AWB Shipment Has Arrived
Attachment: DHL_4422234.IMG (contains "DHL_4422234.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d457acded8f554d756896ab3fc61b65ec2d4f2a6a8dd26b91a9e4b95e5adbf82/
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-10-10 05:24:49 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2rl2zxwy6vknovujnkz7yynwl3bnj4vgvdosnoi2tzfzlznnx6ba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d457acded8f554d756896ab3fc61b65ec2d4f2a6a8dd26b91a9e4b95e5adbf82

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

img d457acded8f554d756896ab3fc61b65ec2d4f2a6a8dd26b91a9e4b95e5adbf82

(this sample)

ModiLoader

Executable exe 35010d7327d1d1b205cc31edcda34c639e55d1f0a433038c8193781ac5df1a8e

  
Dropping
MD5 77e63cdce6ad44715f2f1c1b264fd465
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 35010d7327d1d1b205cc31edcda34c639e55d1f0a433038c8193781ac5df1a8e

Comments