MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa706c35dab0b6bacfafff6819c6a887cf2b8040d25163bc03517487dbcf91f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ModiLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	fa706c35dab0b6bacfafff6819c6a887cf2b8040d25163bc03517487dbcf91f0
SHA3-384 hash:	a16d59853f0b506597257e21e5531af7bfb3acb16ad921456c86cbe86b377b64f89e0ec01741092e5ad1a611cfac4462
SHA1 hash:	886ecafb855ef1555af83eda5a19a0379987d06a
MD5 hash:	670c8b831e32ffa479c8bf439696dc4a
humanhash:	quebec-april-leopard-steak
File name:	ScanIMG0001-PDF.z
Download:	download sample
Signature	ModiLoader Create hunting rule
File size:	561'545 bytes
First seen:	2020-07-31 11:46:59 UTC
Last seen:	2020-07-31 11:47:46 UTC
File type:	z
MIME type:	application/x-rar
ssdeep	12288:JnQMIKmE3GcFAag6ISgwjjtHEZLrNjlD0iHBZKmE3GcFAag6ISgwjjtHEZLrNjl3:JQIm2FRIMVEZNjWiym2FRIMVEZNjWih
TLSH	25C4235B1F282A9F12C6574D79B13C73DEA1C395242819A60D3C8B969232DE021B5FFF
Reporter	abuse_ch
Tags:	ModiLoader z

abuse_ch

Malspam distributing ModiLoader:

HELO: mail.greencc.com
Sending IP: 209.59.244.54
From: Tyler Simpson <tsimpson@greencc.com>
Subject: Urgent Purchase Order
Attachment: ScanIMG0001-PDF.z (contains "IMG_000002_DOCUMENTS_PDF.exe")