MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7cdc2e15998acd69e2cc03d6680957e2f3b89fe6ba7c6384c767df8a9b07d9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 3



SHA256 hash: e7cdc2e15998acd69e2cc03d6680957e2f3b89fe6ba7c6384c767df8a9b07d9c
SHA3-384 hash: 6af336e5fbe3f5c83490ddbf85eb5d7765b699275282665eec38f6a69c5e271b2885b71c5e2b342cad08099f108a9842
SHA1 hash: c190439a4893dbf57b4e5dca8517e7640ff864f0
MD5 hash: 8df951eb844ef0ed33998be827cb4ec8
humanhash: potato-fanta-fruit-five
File name: Contract 14328.gz
Signature: ModiLoader
File size: 341'752 bytes
First seen: 2020-10-21 07:00:24 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:Yicg2GbUGtKNK8STR/YWjLdVEvweWEAOTz2oGyMCj4o6Iz/sNCoM0Rf8Fh:jiGtLThYW3CASiyMC8Iz/sNPRf8f
TLSH: EA74234610BF6E6670245C8A7E1D2252FCC9DDE9F9EBC38CAB20317B05A91D05FAD0E1
Reporter: abuse_ch
Tags: gz ModiLoader


abuse_ch
Malspam distributing ModiLoader:

HELO: arslanturktr.com
Sending IP: 37.49.225.237
From: Ensar Ozserdar | Arslanturk S.A <ensar.ozserdar@arslanturktr.com>
Subject: New Contract
Attachment: Contract 14328.gz (contains "Contract 14328.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-20 17:35:46 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

gz e7cdc2e15998acd69e2cc03d6680957e2f3b89fe6ba7c6384c767df8a9b07d9c (this sample)
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
