MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1705bafd8562bc925e54c571066a069538863a6581a86f6aa14f76245fc3af78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CustomerLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1705bafd8562bc925e54c571066a069538863a6581a86f6aa14f76245fc3af78
SHA3-384 hash: deda3ff58a32eab69728da03227d267692ade3991c5648fa89819ea6fc009861a3f41f5acc73683a51cd94e4fee477ad
SHA1 hash: f6c6cc95923723c3b9603c81befc5f3bb012df5a
MD5 hash: cacd7aa300ea41a7ae4792559530f0a1
humanhash: nineteen-failed-sodium-winter
File name:Quote_75698-LD8972390·PDF.scr
Download: download sample
Signature CustomerLoader
Create hunting rule
File size:37'888 bytes
First seen:2023-07-21 07:34:15 UTC
Last seen:2023-07-25 10:48:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:2Jt+rYj51wq5Tllmu24Ra2DovIieNhIPVQPa9iRR:c+rW5JTll92m7ov0oW6iRR
Threatray 14 similar samples on MalwareBazaar
TLSH T1E203E10467EC0178C6AB067DDCA103421B399FA694A7DF8FAE8CA64F1D0737566327A1
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags:CustomerLoader exe scr

Intelligence

File Origin
# of uploads :
2
# of downloads :
306
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Quote_75698-LD8972390·PDF.scr
Verdict:
Suspicious activity
Analysis date:
2023-07-21 07:36:16 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a2df1ac5-b833-44fc-8891-30c1809dc935

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/427356/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.68272319.28991.945.UNOFFICIAL
Create hunting rule

Gathering data
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/1705bafd8562bc925e54c571066a069538863a6581a86f6aa14f76245fc3af78
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4129fbbf-cbf1-49b9-8422-af041ce1b844
Result
Threat name:
Customer Loader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1277298
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Costura Assembly Loader
Yara detected Customer Loader
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1705bafd8562bc925e54c571066a069538863a6581a86f6aa14f76245fc3af78/
Threat name:
ByteCode-MSIL.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2023-07-20 10:18:30 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
20 of 37 (54.05%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c4c3v7mfmk6jexsuyvyqm2qgsu4imotfqgug62vbj53cix6dv54a._file
Verdict:
malicious
Similar samples:
0b4e5a23c6a2567d7bd75393d2773206b9632131d3621b52cd051b6cc4f12ecf
CustomerLoader
18aa945b3f83c4634612a2192fd6d7cec0a3601849d76b38a95b240d8d2d6faa
CustomerLoader
2cf82af2783ce05445c94dd82b00653b2f8447aa80d10b5831c4d601b888fc98
CustomerLoader
3221d31ff9f0820ff9682639db213103f4f4ad42d3a6778cfcb4aaa223239903
CustomerLoader
66585a437c7394893afc35afe6c80a9cc7f21427adff7610a4c50a69d26fdd58
CustomerLoader
bfaf95fc7c62311c327097888ee85ae1979ba74ea93090368977674c420516d8
CustomerLoader
d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8
CustomerLoader
d5582d466104e3130d5bc56df57d67d89036793dd979038b5dabd82b13736e43
CustomerLoader
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230721-jensxadc2y/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
1705bafd8562bc925e54c571066a069538863a6581a86f6aa14f76245fc3af78
MD5 hash:
cacd7aa300ea41a7ae4792559530f0a1
SHA1 hash:
f6c6cc95923723c3b9603c81befc5f3bb012df5a
Link:
https://www.unpac.me/results/f7cfaac3-11e0-41cb-9243-ddd77cbd9a8b/
Malware family:
AgentTesla.v4
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1705bafd8562/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/1705bafd8562bc925e54c571066a069538863a6581a86f6aa14f76245fc3af78

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

CustomerLoader

Executable exe 1705bafd8562bc925e54c571066a069538863a6581a86f6aa14f76245fc3af78

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/427356/

Comments