MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff692c08cbfe07fa064205cea64889e0143c9858d7eaccd51556e609a7900d9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ModiLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff692c08cbfe07fa064205cea64889e0143c9858d7eaccd51556e609a7900d9b
SHA3-384 hash: c1b7dd19d926188d9bd26b08a65c8026d96da8fa77118648bbe778a12637242b95c9a6bb49c916b07ffd18193c3e5b98
SHA1 hash: 47ca0999f19c714cefa6b47d163d8c3a8fa58a65
MD5 hash: c1e2c119f512a192ac3e07a9dc38fa29
humanhash: lion-arizona-social-august
File name:11-27.zip
Download: download sample
Signature ModiLoader
Create hunting rule
File size:711'678 bytes
First seen:2020-11-28 09:22:10 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:TgyGeQ5+Bo6xUTnuDIVz+Bl579YAM4oZa4j75j+EPhHo4jo/XA+3dqUXL6:TgBeDRx0MIcXr27nj75fo/33lW
TLSH 44E423B41F3A7E28E70B5BE14123C1C96D0A30A92A205EC539DD1BD7958B185D6CEED3
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: host470.dgtr-network.com
Sending IP: 217.79.240.170
From: SURYA SDN BHD <adriana.iturriaga@diquesrl.com.ar>
Subject: Bank in slip
Attachment: 11-27.zip (contains "11-27.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
164
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ff692c08cbfe07fa064205cea64889e0143c9858d7eaccd51556e609a7900d9b/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-11-27 19:53:46 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=75usycgl7yd7ubscaxhkmsej4akdzgcy27vmzvivk3tatj4qbwnq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ModiLoader

zip ff692c08cbfe07fa064205cea64889e0143c9858d7eaccd51556e609a7900d9b

(this sample)

ModiLoader

Executable exe 4b5650a097c6a9ee7bc32fb5aa691ce1d1f358bcbdcbccfc6ba66d2f76f612af

  
Dropping
MD5 4312f55eb22b6cd52d0f6f93f40215af
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4b5650a097c6a9ee7bc32fb5aa691ce1d1f358bcbdcbccfc6ba66d2f76f612af

Comments