MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f636c35d057da438540d73890abc6a6d9070ccb69c72695136481bdde6f9f623. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 3



SHA256 hash: f636c35d057da438540d73890abc6a6d9070ccb69c72695136481bdde6f9f623
SHA3-384 hash: 53388547919e5b7bf094cb2ce53a05a53bf47ba45cc570b196e0846cc09d279571fc52c1b750865dc6e5907e674dfb36
SHA1 hash: 296d9696d7335cc43fe5554eb49fc5bcc5b10dba
MD5 hash: 96a455e786a3b3d0ca3f7624cdc66764
humanhash: robert-batman-four-king
File name: HSBC File.iso
Signature: ModiLoader
File size: 1'181'696 bytes
First seen: 2020-10-23 09:32:16 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:s8xnrNVGQcigXmng7X+XmYWGQO7lGcRvR+ec0X6Dm9tEx6/nlyweV+8YZqckawUS:vriQciDnQ9YWmRnfxyiwluk
TLSH: DC458D21A291CB37D0379AF54C16A77899E5BE00ED247C46F6BCEC485F76DC0782B292
Reporter: abuse_ch
Tags: geo HSBC iso ModiLoader PRT


abuse_ch
Malspam distributing ModiLoader:

HELO: poczta.kia.pl
Sending IP: 80.72.33.102
From: Caixa Geral de Depósitos <account@ptssyndicate.com>
Subject: Notificação de transação recebida de pagamento
Attachment: HSBC File.iso (contains "HSBC File.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.NetWired
Status: Malicious
First seen: 2020-10-23 08:52:52 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

iso f636c35d057da438540d73890abc6a6d9070ccb69c72695136481bdde6f9f623 (this sample)

Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
