MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CustomerLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8
SHA3-384 hash: dbf087eb0c7a8aa3dc49f6f12f27b7fe78c26f5e4706cfb1a5e55493d33bb0cd390e970ea60593b9e1208cefdd0fff22
SHA1 hash: 868958ae664bb694742d8450b7b4ff1fc3634d0b
MD5 hash: 9ccbdba7e4d2299ca977d2695394dd8e
humanhash: dakota-ohio-summer-december
File name:PPErrNhFtZ3NdVrfhZ1ddnAk.bin
Download: download sample
Signature CustomerLoader
Create hunting rule
File size:37'888 bytes
First seen:2023-07-19 03:43:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:QlnpUJmju+yDa3M2F7Tllmu24Ra2DovIieNhIPVQPaIjKQ1:5+g2JTll92m7ov0oWh/1
Threatray 1 similar samples on MalwareBazaar
TLSH T18E03D00057EC42B6DA671BBCDCE2024216396F67E467DF9BAECC558A1D13329A333760
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter JAMESWT_WT
Tags:85-217-144-143 CustomerLoader exe FruitMiX

Intelligence

File Origin
# of uploads :
1
# of downloads :
328
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
https://fundovidaips.com/download/File_pass1234.7z
Verdict:
Malicious activity
Analysis date:
2023-07-18 20:16:02 UTC
Tags:
privateloader evasion opendir loader risepro stealer payload fabookie redline rat amadey trojan gcleaner smoke povertystealer arkei vidar
Link:
https://app.any.run/tasks/a8e8c813-2446-4c32-98bd-939115fbad34

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/424439/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.96592.31178.20495.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
masquerade packed
Link:
https://www.filescan.io/uploads/64b75c067a9c6ddebf0b9ff6/reports/11117acc-7df1-4edc-8e60-39d6cd75b53f/overview
Verdict:
Malicious
Labled as:
MSILHeracles.Generic
Link:
https://www.hybrid-analysis.com/sample/d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d2eb953f-a4c6-44be-9fc6-d9b2bb172157
Result
Threat name:
Customer Loader
Create hunting rule
Detection:
malicious
Classification:
troj.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1275617
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sample is not signed and drops a device driver
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Yara detected Costura Assembly Loader
Yara detected Customer Loader
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-18 22:31:01 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
17 of 36 (47.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2nodnvrmnhh4uyva64md767nu3verw43mr5rgohc4j7tido7mhea._file
Verdict:
malicious
Similar samples:
bfaf95fc7c62311c327097888ee85ae1979ba74ea93090368977674c420516d8
CustomerLoader
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230719-eagrksgc81/
Behaviour
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8
MD5 hash:
9ccbdba7e4d2299ca977d2695394dd8e
SHA1 hash:
868958ae664bb694742d8450b7b4ff1fc3634d0b
Link:
https://www.unpac.me/results/56469d5a-ed06-45be-b952-d56a8d421cd0/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/d35c36d62c69/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CustomerLoader

Executable exe d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2681759/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/424439/

Comments