MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb1dacfd485874f6e2504ef6feb7dfbdb0e178c8e292857e0d41150da2aacf40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb1dacfd485874f6e2504ef6feb7dfbdb0e178c8e292857e0d41150da2aacf40
SHA3-384 hash: c86392061eecf59326800613611ab839576a54a393be704e5bbe606a854239df9fc8737d0bbfb85df1c3b00979a43164
SHA1 hash: c4b31a644198211a46e9d7925b33b914393a001c
MD5 hash: 5b582956fc33aadf02ddb7cf99fd3ff0
humanhash: charlie-carolina-jig-stairway
File name:DHL CARGO BEZORGING 6758765,pdf.iso
Download: download sample
Signature ModiLoader
Create hunting rule
File size:1'159'168 bytes
First seen:2020-10-15 12:57:41 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:f1BLam+mNN6U2Q/RvlNGnGe+957PszaWpWPgE9d:f1+42Wn7kzLpWPg
TLSH D935AF33F3A18537C17326359C1766A9A936BE102A2CA84977F61D4C8F3A3A17D352D3
Reporter abuse_ch
Tags:DHL iso ModiLoader


Avatar
abuse_ch
Malspam distributing ModiLoader:

HELO: plesk1.enpatagonia.net
Sending IP: 209.126.124.211
From: DHL Express Cargo <delivery@dhl.com>
Subject: DHL CARGO BEZORGING
Attachment: DHL CARGO BEZORGING 6758765,pdf.iso (contains "DHL CARGO BEZORGING 6758765,pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis30FD4A13202B.11293.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb1dacfd485874f6e2504ef6feb7dfbdb0e178c8e292857e0d41150da2aacf40/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-10-14 21:47:48 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7mo2z7kilb2pnysqj33p5n67xwyoc6gi4kjik7qniekq3ivkz5aa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fb1dacfd485874f6e2504ef6feb7dfbdb0e178c8e292857e0d41150da2aacf40

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

iso fb1dacfd485874f6e2504ef6feb7dfbdb0e178c8e292857e0d41150da2aacf40

(this sample)

ModiLoader

Executable exe fb28260466e3ce4029f48c81b60a1ef83e755e772672a28cea1f00f51984c808

  
Dropping
MD5 533d6e392c020373da9345663e09d660
  
Dropping
ModiLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fb28260466e3ce4029f48c81b60a1ef83e755e772672a28cea1f00f51984c808

Comments