MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f78c97186905cb7511ed946dcc5ed5c85879130632389dbce4dccf6615f67001. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 3

SHA256 hash: f78c97186905cb7511ed946dcc5ed5c85879130632389dbce4dccf6615f67001
SHA3-384 hash: 7bc184b75e30ca63a7d4973883b3e9713d2c4bddfafaefbd68eb1dc565c776b6066a2609ba5f7379e85840bc5bcbe230
SHA1 hash: b1efb1dae8ada45504723fe606f8e0b733c40a8f
MD5 hash: 27794674a0ea51119dd734651325aecb
humanhash: chicken-mike-carbon-alaska
File name: P.S.P.MARKETING SDN BHD_456789876.rar
Signature: ModiLoader
File size: 416'154 bytes
First seen: 2020-08-13 12:38:23 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:QhLnsQRMOMpkEax5iUvtLlZkam0UOz6xP/LC:QhLnPLEax5nvhbUOGxP/LC
TLSH: 83942389B7175C5ECCA73639EB21E7F3692FC41E579F99C642B17033A4120110AAE8AD
Reporter: abuse_ch
Tags: ModiLoader rar


abuse_ch
Malspam distributing ModiLoader:

HELO: spfilter-1.sew01.mschosting.com
Sending IP: 110.4.40.86
From: HANWHA Q CELLS MALAYSIA SDN BHD <eewai.gemfive@mydreamstudio.com>
Reply-To: eewai.gemfive@mydreamstudio.com
Subject: PO_P.S.P. MARKETING SDN BHD_2450015732
Attachment: P.S.P.MARKETING SDN BHD_456789876.rar (contains "456789876.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-08-13 12:40:07 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
ModiLoader
rar f78c97186905cb7511ed946dcc5ed5c85879130632389dbce4dccf6615f67001 (this sample)
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment

Comments