customerloader | 9d1d5346149f31169406d2b23ec83fc292d561979a4f7819c26e74748d9efab0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Screenshot...54.png

windows7-x64

1

Screenshot...54.png

windows10-2004-x64

Resubmissions

26/10/2023, 15:25

231026-st48wacg9z 1

26/10/2023, 14:33

231026-rw1g2aeb34 3

26/10/2023, 14:30

231026-rt5zqsce5w 3

26/10/2023, 14:23

231026-rqg4haea93 3

26/10/2023, 14:22

231026-rp2frace4t 3

26/10/2023, 14:22

231026-rpks1ace31 3

26/10/2023, 14:10

231026-rg79bsea25 10

26/10/2023, 14:09

231026-rgk4ssea22 1

26/10/2023, 14:08

231026-rf2edscc9w 1

26/10/2023, 14:07

231026-rfcq2acc8v 1

Sharing

General

Target

Screenshot 2023-10-25 08.11.54.png
Size

13KB
Sample

231026-qce7babh8z
MD5

51e504750e157c50fd5f07ae7643639a
SHA1

aac2c4a1fd69fef7bff8c7447a6d13fa8a9a7452
SHA256

9d1d5346149f31169406d2b23ec83fc292d561979a4f7819c26e74748d9efab0
SHA512

b84134b916a1b91ced634997dbb810f77baa398e0e2c485db5a245e13609398d2c2e88dc6dec8080a769739125030aad33ca526480c67f46791537132020579b
SSDEEP

384:MjreO3cNJHZf1wup3chMjNuMQBmiL4htpBKdBZ:83Kbfmup3A+tpC

Score

10^/10

customerloader xworm cryptone downloader loader packer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Screenshot 2023-10-25 08.11.54.png

Resource

win7-20231025-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Screenshot 2023-10-25 08.11.54.png

Resource

win10v2004-20231020-en

customerloader xworm cryptone downloader loader packer rat trojan

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  Screenshot 2023-10-25 08.11.54.png
- Size
  
  13KB
- MD5
  
  51e504750e157c50fd5f07ae7643639a
- SHA1
  
  aac2c4a1fd69fef7bff8c7447a6d13fa8a9a7452
- SHA256
  
  9d1d5346149f31169406d2b23ec83fc292d561979a4f7819c26e74748d9efab0
- SHA512
  
  b84134b916a1b91ced634997dbb810f77baa398e0e2c485db5a245e13609398d2c2e88dc6dec8080a769739125030aad33ca526480c67f46791537132020579b
- SSDEEP
  
  384:MjreO3cNJHZf1wup3chMjNuMQBmiL4htpBKdBZ:83Kbfmup3A+tpC
Score

10^/10

customerloader xworm cryptone downloader loader packer rat trojan
- Customer Loader
  Customer Loader is a downloader written in C#.
  downloader loader customerloader
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

customerloaderxwormcryptonedownloaderloaderpackerrattrojan

© 2018-2025

Terms | Privacy