MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7c02d80a783e31957b0bcecf56c7fbec20dc513d021e7c814df913fe01fd491. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CustomerLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b7c02d80a783e31957b0bcecf56c7fbec20dc513d021e7c814df913fe01fd491
SHA3-384 hash: 5a592fc3c1c4449f79bf7e6a626b6031d3460529734e0018eac526eca3d797e71fcc3b9d2693b629ed584ae4e853aeeb
SHA1 hash: 1e0ee0008c8ae0b0f37f51be27e61597530faf0d
MD5 hash: fcb679b0de5f4f8ac6758087df0eea4b
humanhash: alpha-violet-sink-three
File name:file
Download: download sample
Signature CustomerLoader
Create hunting rule
File size:232'960 bytes
First seen:2023-07-13 06:52:11 UTC
Last seen:2023-07-14 08:09:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:SRW/xODAdhADhsr5fd7ypY3uViNewxWsr7r4wP4zhkXSQB5DOljU+pE8DaOl5yLD:SRW/xODAdhADhsr5fd7ypY3uViNewxWw
Threatray 6 similar samples on MalwareBazaar
TLSH T167345A8535501F97D67C99F7804F3490B7F3A16AA0E4E7D49EC2EAED60E2F88B107A41
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter andretavare5
Tags:85-217-144-143 CustomerLoader exe


Avatar
andretavare5
Sample downloaded from http://85.217.144.143/files/Ads.exe

Intelligence

File Origin
# of uploads :
24
# of downloads :
287
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-07-13 06:55:39 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/49b6710d-3ad3-449e-81d7-6394ce2a63c3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/417260/
Detection(s):
SecuriteInfo.com.Win64.PWSX-gen.28396.718.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Creating a file
Creating a service
Launching a service
Loading a system driver
Creating a file in the Windows subdirectories
Launching a process
Creating a file in the Windows directory
Enabling autorun for a service
Unauthorized injection to a system process
Gathering data
Verdict:
Malicious
Labled as:
MSIL/Kryptik_AGeneric.BAV trojan
Link:
https://www.hybrid-analysis.com/sample/b7c02d80a783e31957b0bcecf56c7fbec20dc513d021e7c814df913fe01fd491
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/eab06b5f-3ee2-481f-b7c0-815a010d3e37
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1272241
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Sample is not signed and drops a device driver
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b7c02d80a783e31957b0bcecf56c7fbec20dc513d021e7c814df913fe01fd491/
Threat name:
ByteCode-MSIL.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2023-07-13 06:53:06 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=w7ac3afhqprrsv5qxtwpk3d7x3ba3rit2aq6psau36it7ya72siq._file
Verdict:
malicious
Similar samples:
03f00297dfcf082c1713057ffdcef8f76fd1df195e6ea3d6f409397f9b119800
CustomerLoader
22059817e04f84b60175d20e225c713482cd8091ecd4bb74a70946d4826da7f4
CustomerLoader
4c9b551910643eb2c5a4adaf517f41cf1c5035c1526b11f108accd970e675e31
CustomerLoader
950e8cfed90f2e567f20f1ba663e2a172596b96670da2f7b91ead407fc64fa77
CustomerLoader
a26842becdd6ced8f2b44de90122dbd4cc027348b569ef32703749bac877ca6f
CustomerLoader
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230713-hnmfrsgf2y/
Behaviour
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
b7c02d80a783e31957b0bcecf56c7fbec20dc513d021e7c814df913fe01fd491
MD5 hash:
fcb679b0de5f4f8ac6758087df0eea4b
SHA1 hash:
1e0ee0008c8ae0b0f37f51be27e61597530faf0d
Link:
https://www.unpac.me/results/c2fe43cc-7a64-4173-8f5c-bd3c7d4154a9/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/417260/
  
URLhaus
https://urlhaus.abuse.ch/url/2681759/

Comments