MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecccba19ec91e0fd9fd4e599bd95f5f465d5c68bf774f17e7f8e4b3162ccb97b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 4

SHA256 hash: ecccba19ec91e0fd9fd4e599bd95f5f465d5c68bf774f17e7f8e4b3162ccb97b
SHA3-384 hash: ae5e006cc6cf701ef0ee398d6f682ddad1f6679aefd278746f440c23cba3364a19451f611d8ac6e25a6c15f2c70c1906
SHA1 hash: 2175f1b899b137497c5b9d0b747834cf5308e8d5
MD5 hash: 6de0721364919a95f26e5464d60d4d7d
humanhash: twenty-california-washington-uniform
File name: eInvoicing,pdf.iso
Signature: ModiLoader
File size: 798'720 bytes
First seen: 2021-01-19 07:46:15 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:exVyof7rYaf81stsbFYooXiJ6N6BvUv22:e7HJf81+sb3Wl6BvU+2
TLSH: 83057C66A2E44736C12B257D5D27D765AC25BE0D3D38584E37E83C088F39272382D6AF
Reporter: abuse_ch
Tags: DHL iso ModiLoader


abuse_ch
Malspam distributing unidentified malware:

HELO: mx-mail-3.vianova.it
Sending IP: 46.44.255.74
From: DHL Express <info@dhlexpressgrp.pw>
Subject: COMMERCIAL INVOICE AND BILL OF LANDING...19/01/2021
Attachment: eInvoicing,pdf.iso (contains "eInvoicing,pdf.scr")

Intelligence

File Origin
# of uploads: 1
# of downloads: 167
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2021-01-19 07:46:23 UTC
AV detection: 10 of 45 (22.22%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
ModiLoader
iso ecccba19ec91e0fd9fd4e599bd95f5f465d5c68bf774f17e7f8e4b3162ccb97b (this sample)

Delivery method: Distributed via e-mail attachment