MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12bfbe54bef7d2002007f3d4242866dd32f90b17624e67765d902f7f01ee58a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CustomerLoader

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	12bfbe54bef7d2002007f3d4242866dd32f90b17624e67765d902f7f01ee58a6
SHA3-384 hash:	c6e9bc74020e0e71ab3701737325446d7ce5234ba2a09f6996599952877b5ae04f17b05b05046059b7a2e55459fec27c
SHA1 hash:	7a571498efdd0d09d4e82a9ccb0402dd541c06bd
MD5 hash:	1b2ed6f685437ff2be30b4b04bb96c5f
humanhash:	tennis-quiet-vegan-mirror
File name:	QUOTATION_JUL7FIBA00541·PDF.scr
Download:	download sample
Signature	CustomerLoader Create hunting rule
File size:	14'848 bytes
First seen:	2023-07-14 06:58:13 UTC
Last seen:	2023-07-14 06:58:28 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	384:HTuTWtAkLsEj+FLyPNatDtsfQ+0s28mgVOJgVT:HQWtAkFNYFt0OsF9cW9
Threatray	53 similar samples on MalwareBazaar
TLSH	T193624C00279C8233E9AB0BB6EDB357C01A75D7A77943EB1F6FD89059184379416523B2
TrID	44.4% (.EXE) Win64 Executable (generic) (10523/12/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	JAMESWT_WT
Tags:	CustomerLoader exe

Intelligence

File Origin

# of uploads :

4

# of downloads :

271

Origin country :

IT

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

QUOTATION_JUL7FIBA00541·PDF.scr

Verdict:

Malicious activity

Analysis date:

2023-07-14 07:02:25 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2cd6a486-e4b9-4e14-a52d-acac72a82742

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/418623/

Detection(s):

SecuriteInfo.com.Trojan.InjectNET.59.2290.10526.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Creating a window

Query of malicious DNS domain

Sending a TCP request to an infection source

Gathering data

Verdict:

Malicious

Labled as:

Win64/Agent_AGeneric.AMQ trojan

Link:

https://www.hybrid-analysis.com/sample/12bfbe54bef7d2002007f3d4242866dd32f90b17624e67765d902f7f01ee58a6

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/8d066b23-d8aa-473b-98d1-354a988667ec

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1272958

Signature

Antivirus detection for URL or domain

Initial sample is a PE file and has a suspicious name

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/12bfbe54bef7d2002007f3d4242866dd32f90b17624e67765d902f7f01ee58a6/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2023-07-13 16:42:43 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

1

AV detection:

16 of 24 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ck734vf667jaaiah6pkcikdg3uzpscyxmjhgo5s5saxx6apolcta._file

Verdict:

malicious

Similar samples:

0b187246743429e8b9e67b2041bccbd24875a9c39f903e6533db5e7a176c9417

3956c21824bc18caca2523381ce3fa113e40d5e7f47bf2a05d65f2a1a27a3f1d

576ef869c72f3afe6f4f5101f27aeb0d479cae8e5d348eea4e43e8af8252dfd0

5e273d27c320b4ba9da91dedaa66ba91cb6ac05fa2195096a2b85e9954e981c0

670bc9a86f72af2ab43a89c576a4e1874ce188b35a1f5656ea27f4b7ac3d5f09

71b83a4a645cee8038819ee490a2b6324d287d8aac405adb1b373277dc5c23ab

d73dbd022ae04284c10281b7aad42b0b80d45deec6beee79858e635a43627f65

e43e5c816ce04f8fa14c819ff2b5bfc02c03e27a4b0a6b85875ef11ea4d4489f

f19f1debabf340338607f916a64a783e14afc6d3ee4a5ab390a00dc3f33f30d2

+ 43 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230714-hr3xxsdd5s/

Behaviour

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

12bfbe54bef7d2002007f3d4242866dd32f90b17624e67765d902f7f01ee58a6

MD5 hash:

1b2ed6f685437ff2be30b4b04bb96c5f

SHA1 hash:

7a571498efdd0d09d4e82a9ccb0402dd541c06bd

Link:

https://www.unpac.me/results/f638541f-9499-49a3-b59a-42cd5282c6ec/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/418623/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample