MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0d6388ebe45705e7b9bf545aabc2cc83c663849c5653ca2614ddff8e99def12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CustomerLoader


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0d6388ebe45705e7b9bf545aabc2cc83c663849c5653ca2614ddff8e99def12
SHA3-384 hash: 6e83428436eeeebbffe5028de0da183bf7c50fccff23776bd6003d806a120c4c4d273df3bd452754b63a66a2ee572f2d
SHA1 hash: 0a119f54a0c2122a8cd721114925e94a0d2a8dcb
MD5 hash: e27fe886b1533db65678ed325d3ecbbd
humanhash: golf-ohio-beryllium-mango
File name:e27fe886b1533db65678ed325d3ecbbd.exe
Download: download sample
Signature CustomerLoader
Create hunting rule
File size:12'288 bytes
First seen:2023-07-18 13:19:59 UTC
Last seen:2023-07-18 13:45:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 192:/WtMpITVt/cNMvyfWwY5TIIK7mLyJtsx9x7Q:/Wt+ITVt/F0Y5TqIrk
Threatray 37 similar samples on MalwareBazaar
TLSH T128423C00D7E8413BD6BB07BD9CB752414239EFB76633EB5B1488914A1C633546E173B2
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags:CustomerLoader exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
260
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
https://storedechuladas.com/wp-content/download/File_pass1234.7z
Verdict:
Malicious activity
Analysis date:
2023-07-18 07:26:55 UTC
Tags:
privateloader evasion opendir risepro stealer payload fabookie rat redline loader povertystealer amadey trojan gcleaner smoke botnet miner ransomware stop tofsee arkei vidar
Link:
https://app.any.run/tasks/ff200dc8-95d9-4ee8-afad-1ff9a9e83642

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/423598/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a file
Creating a service
Launching a service
Loading a system driver
Creating a file in the Windows directory
Creating a file in the Windows subdirectories
Query of malicious DNS domain
Sending a TCP request to an infection source
Enabling autorun for a service
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/64b69184f52c3e1a014a2744/reports/46e92f55-840c-45b0-a353-f5efbf334517/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/e0d6388ebe45705e7b9bf545aabc2cc83c663849c5653ca2614ddff8e99def12
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/322580e7-feb8-459a-a532-c392cb5feafc
Result
Threat name:
Customer Loader
Create hunting rule
Detection:
malicious
Classification:
troj.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1275191
Signature
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sample is not signed and drops a device driver
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Yara detected Customer Loader
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e0d6388ebe45705e7b9bf545aabc2cc83c663849c5653ca2614ddff8e99def12/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-17 03:45:18 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
18 of 38 (47.37%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4dldrdv6ivyf46436vc2vpbmza6gmocjyvstzitbjxp7r2m554ja._file
Verdict:
malicious
Similar samples:
1201be819db6d09ce9bd23656c5bbd7430e0420f30c39afe37b3a4662581f143
CustomerLoader
265560df14513c5fdd9779cf5324c68d3f83e275223dd5d467a4dfbf714a3256
CustomerLoader
312a01b589aea6e8dfc11fdd5a362228970074eeec1a97d36f23f99b48b586f0
CustomerLoader
42a4626de8646d49df1c5ffa151c05c724b5b7d32d0131d0228189aff81db945
CustomerLoader
65831b6a853bb664e7f189003da9cdda832e5bcf647c1e262b3bc80acb715814
CustomerLoader
8182fd64aabdf1d67f00c87fe9d90fa7d52be56284738995446f82890205dc93
CustomerLoader
877dcc901ba5abacac399a8f33ccaffa321eb4306a3a10f16fa9a2d183374cd7
CustomerLoader
a5ae679843b00396ed2349a9ce7d3d0dc077defb4f83c89489d4c2065863e0f7
CustomerLoader
eb51def4151ae6c16d06ebb7e170dc7f1910932c172cf9aa1719d3d6bbc043b5
CustomerLoader
fbbad7f1ea80336f2d11ec3df5d547fedcca56d3def4eb369f605122b02f3f34
CustomerLoader
+ 27 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230718-qk3ycaaf53/
Behaviour
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
e0d6388ebe45705e7b9bf545aabc2cc83c663849c5653ca2614ddff8e99def12
MD5 hash:
e27fe886b1533db65678ed325d3ecbbd
SHA1 hash:
0a119f54a0c2122a8cd721114925e94a0d2a8dcb
Link:
https://www.unpac.me/results/6975000c-8913-43e6-8c78-b338d0c7155c/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e0d6388ebe45/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e0d6388ebe45705e7b9bf545aabc2cc83c663849c5653ca2614ddff8e99def12

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CustomerLoader

Executable exe e0d6388ebe45705e7b9bf545aabc2cc83c663849c5653ca2614ddff8e99def12

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/423598/
  
URLhaus
https://urlhaus.abuse.ch/url/2681759/
  
Delivery method
Distributed via web download

Comments