MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c673b59e43c4475cd1204bba60adcef91be7bd9116d5548102eca86f6b0ffdc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CustomerLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c673b59e43c4475cd1204bba60adcef91be7bd9116d5548102eca86f6b0ffdc
SHA3-384 hash: 8ccb53646c59f7cbd5b39798b86cf4a26e62be95be78bfd989bd11ea2fb47eaffa8e4b0e693d20b1ec34dc47d56dc3fe
SHA1 hash: e02b0b7000c1b76d1831c5e83315a4197d0921e7
MD5 hash: 23cef1d0e08577b71f0148d5e63de9d9
humanhash: nuts-zulu-vermont-blossom
File name:RFQ_MSC-SPEC02781-30032023·XLXS.scr
Download: download sample
Signature CustomerLoader
Create hunting rule
File size:37'888 bytes
First seen:2023-07-21 07:34:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:0JJO5Pvxhq5Tllmu24Ra2DovIieNhIPVQPa9JY1Yw:SO5PvwTll92m7ov0oW6JY1Yw
Threatray 15 similar samples on MalwareBazaar
TLSH T1CB03E10057F941B8C5AB16BDDCE202420B3A9FDBE457DF8FA9CC664E5D0733866226E1
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags:CustomerLoader exe scr

Intelligence

File Origin
# of uploads :
1
# of downloads :
283
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
RFQ_MSC-SPEC02781-30032023·XLXS.scr
Verdict:
Suspicious activity
Analysis date:
2023-07-21 07:36:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/89a6bdee-2515-4d33-8f85-236e13c163fd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/427355/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.68273051.2416.29157.UNOFFICIAL
Create hunting rule

Gathering data
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/4c673b59e43c4475cd1204bba60adcef91be7bd9116d5548102eca86f6b0ffdc
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/381ccc3d-0a60-4170-b86b-88eb3ad0404f
Result
Threat name:
Customer Loader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1277300
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Costura Assembly Loader
Yara detected Customer Loader
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4c673b59e43c4475cd1204bba60adcef91be7bd9116d5548102eca86f6b0ffdc/
Threat name:
ByteCode-MSIL.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2023-07-20 06:32:20 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
18 of 38 (47.37%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jrttwwpehrchltisas52mcw456i3466zcfwvksaqf3fin5vq77oa._file
Verdict:
malicious
Similar samples:
0b4e5a23c6a2567d7bd75393d2773206b9632131d3621b52cd051b6cc4f12ecf
CustomerLoader
1705bafd8562bc925e54c571066a069538863a6581a86f6aa14f76245fc3af78
CustomerLoader
18aa945b3f83c4634612a2192fd6d7cec0a3601849d76b38a95b240d8d2d6faa
CustomerLoader
3221d31ff9f0820ff9682639db213103f4f4ad42d3a6778cfcb4aaa223239903
CustomerLoader
66585a437c7394893afc35afe6c80a9cc7f21427adff7610a4c50a69d26fdd58
CustomerLoader
bfaf95fc7c62311c327097888ee85ae1979ba74ea93090368977674c420516d8
CustomerLoader
d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8
CustomerLoader
d5582d466104e3130d5bc56df57d67d89036793dd979038b5dabd82b13736e43
CustomerLoader
+ 5 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230721-jensxace68/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
4c673b59e43c4475cd1204bba60adcef91be7bd9116d5548102eca86f6b0ffdc
MD5 hash:
23cef1d0e08577b71f0148d5e63de9d9
SHA1 hash:
e02b0b7000c1b76d1831c5e83315a4197d0921e7
Link:
https://www.unpac.me/results/377bf36f-bfda-4ec3-a65d-5b7d471be08e/
Malware family:
AgentTesla.v4
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/4c673b59e43c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4c673b59e43c4475cd1204bba60adcef91be7bd9116d5548102eca86f6b0ffdc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

CustomerLoader

Executable exe 4c673b59e43c4475cd1204bba60adcef91be7bd9116d5548102eca86f6b0ffdc

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/427355/

Comments