MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d66e4bb2c618bd75c54803920d851f29481210d66366e2dc8950666909fb2794. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ModiLoader
Vendor detections: 3

SHA256 hash: d66e4bb2c618bd75c54803920d851f29481210d66366e2dc8950666909fb2794
SHA3-384 hash: 709aa4c9c4ad69243534ae49d6ab416c5605689e47a68439da890b09bbed11973c1b1a0dc401c4916ca97b491d302d8a
SHA1 hash: 1a57c5e1f1d4ee292e8a6d82377d844a74d35fb8
MD5 hash: 146f7cf6a493d72c4ea96b6bd830bf31
humanhash: grey-ohio-oregon-nebraska
File name: BL Surrender - GOLDEN STAR 1 V.4970S - PGUCB19003290.r00
Signature: ModiLoader
File size: 426'805 bytes
First seen: 2020-10-22 07:11:05 UTC
Last seen: 2020-10-23 09:09:06 UTC
File type: r00
MIME type: application/x-rar
ssdeep: 12288:na2MK6YuIo7TCuruXBKgxJwny74bNg0cEZGpm3vdje0:a2z6YQHDuRUy7McEg4
TLSH: 4D942346BAA99F58D0E33B66D07C843D51C2C923CBC0EA5E07F98842A064D5FB675A3D
Reporter: abuse_ch
Tags: ModiLoader r00


abuse_ch
Malspam distributing ModiLoader:

HELO: rclgroup.com
Sending IP: 185.222.57.249
From: Viswanathan Sankaranarayanan <viswanathan@rclgroup.com>
Subject: RE: BL SURRENDERING // BL NO:PGUCB19003290 (AWB - HBL)
Attachment: BL Surrender - GOLDEN STAR 1 V.4970S - PGUCB19003290.r00 (contains "BL Surrender - GOLDEN STAR 1 V.4970S - PGUCB19003290.exe")

Intelligence

File Origin
# of uploads: 2
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-10-22 04:59:50 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: ModiLoader
Sample: r00 d66e4bb2c618bd75c54803920d851f29481210d66366e2dc8950666909fb2794 (this sample)
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment

Comments