CustomerLoader: a new malware distributing a wide variety of payloads
Common Information
Type Value
UUID 86e58cf8-f7bf-4bb5-ab63-c441b6973fd5
Fingerprint 8ca501d54b7e07c9
Analysis status DONE
Considered CTI value 2
Text language
Published July 12, 2023, 12:57 p.m.
Added to db Nov. 18, 2023, 11:49 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline CustomerLoader: a new malware distributing a wide variety of payloads
Title CustomerLoader: a new malware distributing a wide variety of payloads
Detected Hints/Tags/Attributes 120/4/103
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 59 Sekoia.io Blog https://blog.sekoia.io/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Email 18
tdr@sekoia.io
Details File 39
amsi.dll
Details File 2
48e003a01.7z
Details File 2
4_2023.rar
Details File 2
5_2023.rar
Details File 208
setup.exe
Details File 2
slack.zip
Details File 1
slacksetup.exe
Details File 2
bebrik.php
Details MITRE ATT&CK Techniques 120
T1129
Details MITRE ATT&CK Techniques 627
T1027
Details MITRE ATT&CK Techniques 28
T1027.007
Details MITRE ATT&CK Techniques 99
T1132.001
Details MITRE ATT&CK Techniques 504
T1140
Details MITRE ATT&CK Techniques 298
T1562.001
Details MITRE ATT&CK Techniques 91
T1620
Details MITRE ATT&CK Techniques 75
T1001
Details MITRE ATT&CK Techniques 442
T1071.001
Details MITRE ATT&CK Techniques 492
T1105