MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb28435cab65ebbcff360ed6ca33dd1f1faf4f518a4cd9c680d4b32d38395b29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ModiLoader


Vendor detections: 4



SHA256 hash: fb28435cab65ebbcff360ed6ca33dd1f1faf4f518a4cd9c680d4b32d38395b29
SHA3-384 hash: 6c2b9f95076fdc1f25562e6a72928de85536bc879b4174b529a40b84b42b0d301db66a3179e951f8a30d8eb5ab311331
SHA1 hash: 9df4c1a65d6656fc71174d505372a2990242a8b9
MD5 hash: 9090bd44659fed5d74c0cdacb828eeb1
humanhash: golf-colorado-lemon-river
File name: Lotfwpc_Signed_.zip
Signature: ModiLoader
File size: 498'082 bytes
First seen: 2020-10-05 11:47:01 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:uLxTLicMlSv3Mbjgk2MeZaMvdOw9p5PcY0dU:Kxv/M4dvdX9DcYz
TLSH: 09B423957DBA1D53A6290EFAB2495B18049105C8275CAFB9CA08588F7F99F03FD8D3C3
Reporter: abuse_ch
Tags: ModiLoader, zip


abuse_ch
Malspam distributing ModiLoader:

HELO: carbonteknoloji.com
Sending IP: 80.93.208.249
From: Andromachi Makri <sakos@sakos.gr>
Subject: Re: Re: Re: Re: New purchase order
Attachment: Lotfwpc_Signed_.zip (contains "Lotfwpc_Signed_.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Remcos
Status: Malicious
First seen: 2020-10-05 07:53:22 UTC
AV detection: 34 of 48 (70.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip fb28435cab65ebbcff360ed6ca33dd1f1faf4f518a4cd9c680d4b32d38395b29 (this sample)

  
Dropping: ModiLoader
Delivery method: Distributed via e-mail attachment
