MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddf73dcb3514ba9625c09251fba6eb59fe35977f1dd44bb1253c5d9194649cfb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ddf73dcb3514ba9625c09251fba6eb59fe35977f1dd44bb1253c5d9194649cfb
SHA3-384 hash: e0f0285caa28fc10de4d850861d96f4f0c6286b932e97fa8d0d58289c0695866a3f97e9e306463d81c940e7efe1e7f5c
SHA1 hash: 0d7bfdf26d9b68a982d233fe4456b68cbc1847f9
MD5 hash: 1f3aad3518243c69cab7fb1744b3e59b
humanhash: speaker-sixteen-bacon-fanta
File name:scnn7676766.zip
Download: download sample
Signature ModiLoader
Create hunting rule
File size:601'606 bytes
First seen:2020-11-05 09:16:28 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:2aJi9+k3zWuGeBemySUIgVNxsr+/2jGZpV3BSRTBnqhAwNdtywZPMc40:m+k3zWuGeBYxsi6IctnEAwNdtyKPH40
TLSH 75D423B0AD24E069F5AA4C5007FCF69748FB0CF8D406D349D29B4798776286E3B71789
Reporter abuse_ch
Tags:geo GRC ModiLoader zip


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: hosting.baulink.net
Sending IP: 185.31.32.244
From: info@ravagohellas.gr
Subject: Re: Re: Συνημμένο αντίγραφο τραπεζικής μεταφοράς
Attachment: scnn7676766.zip (contains "scnn7676766.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FZO82C53D0CF1F4.16975.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ddf73dcb3514ba9625c09251fba6eb59fe35977f1dd44bb1253c5d9194649cfb/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-11-04 22:23:49 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3x3t3szvcs5jmjoasji7xjxllh7dlf37dxkexmjfhrozdfdett5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip ddf73dcb3514ba9625c09251fba6eb59fe35977f1dd44bb1253c5d9194649cfb

(this sample)

ModiLoader

Executable exe 2ca6ec7b8f70c8d16ad384a61e4c1cbb9ec02bd51e21648aa5f6af3fd40abd92

  
Dropping
MD5 00456dc029b634d1e4b52f7f117cb5d3
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2ca6ec7b8f70c8d16ad384a61e4c1cbb9ec02bd51e21648aa5f6af3fd40abd92

Comments