MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18aa945b3f83c4634612a2192fd6d7cec0a3601849d76b38a95b240d8d2d6faa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CustomerLoader


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 18aa945b3f83c4634612a2192fd6d7cec0a3601849d76b38a95b240d8d2d6faa
SHA3-384 hash: faf7e7b67fb34d33119d61aa153e8a1de7407da854622b383d17bcc3bbc9e6326932fb214c73786b9478680e81b0e85e
SHA1 hash: 8ba0cea4a53b0582abbb98bb25ea47d1c857bbb5
MD5 hash: b45a0c05a57b21cab1dcb6d58bd99f83
humanhash: iowa-avocado-summer-sad
File name:b45a0c05a57b21cab1dcb6d58bd99f83.exe
Download: download sample
Signature CustomerLoader
Create hunting rule
File size:37'888 bytes
First seen:2023-07-19 06:42:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:Fln/NhS5G0b6+2s3M2F7Tllmu24Ra2DovIieNhIPVQPaSB2:Jh8G0W+2B2JTll92m7ov0oWxB2
Threatray 5 similar samples on MalwareBazaar
TLSH T16303C00407A90171D66B077CDCE103821B7A1FA7E867EF5FEECC968A1D4332967226B1
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags:85-217-144-143 CustomerLoader exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
267
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b45a0c05a57b21cab1dcb6d58bd99f83.exe
Verdict:
Malicious activity
Analysis date:
2023-07-19 06:46:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8ee270b0-0863-4e45-bc59-7e6aa8d9c8db

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/424504/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.96592.22868.15951.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/64b785f6f3c193545ac6c5fb/reports/1d155de7-0b50-4f22-8795-3edd629b23ae/overview
Verdict:
Malicious
Labled as:
MSILHeracles.Generic
Link:
https://www.hybrid-analysis.com/sample/18aa945b3f83c4634612a2192fd6d7cec0a3601849d76b38a95b240d8d2d6faa
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/39e3abb1-a7b9-4fb4-8847-60bebb45aa0a
Result
Threat name:
Customer Loader
Create hunting rule
Detection:
malicious
Classification:
troj.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1275691
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Yara detected Costura Assembly Loader
Yara detected Customer Loader
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/18aa945b3f83c4634612a2192fd6d7cec0a3601849d76b38a95b240d8d2d6faa/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-18 21:55:52 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
16 of 37 (43.24%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dcvjiwz7qpcggrqsuims7vwxz3akgyayjhlwwofjlmsa3djnn6va._file
Verdict:
malicious
Similar samples:
2cf82af2783ce05445c94dd82b00653b2f8447aa80d10b5831c4d601b888fc98
CustomerLoader
4923c87112bf8dc456e0d46a0401151efc304b45c15f10655d1a51711f65c81e
CustomerLoader
5340c12deafd1e47beff8ea66df02a83b56a4259c1830c7fa02123bcbe9a1992
CustomerLoader
bfaf95fc7c62311c327097888ee85ae1979ba74ea93090368977674c420516d8
CustomerLoader
d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8
CustomerLoader
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230719-hgxcdshb2x/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
18aa945b3f83c4634612a2192fd6d7cec0a3601849d76b38a95b240d8d2d6faa
MD5 hash:
b45a0c05a57b21cab1dcb6d58bd99f83
SHA1 hash:
8ba0cea4a53b0582abbb98bb25ea47d1c857bbb5
Link:
https://www.unpac.me/results/ab86445d-483e-47c1-b16c-8872e692bf2d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/18aa945b3f83c4634612a2192fd6d7cec0a3601849d76b38a95b240d8d2d6faa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CustomerLoader

Executable exe 18aa945b3f83c4634612a2192fd6d7cec0a3601849d76b38a95b240d8d2d6faa

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2681797/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/424504/

Comments