MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11709f42889d6f9ab8ce1b9f64784a547282c48c0ce8c893b75e7d0def8dd36f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Smoke Loader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	11709f42889d6f9ab8ce1b9f64784a547282c48c0ce8c893b75e7d0def8dd36f
SHA3-384 hash:	d23dc11b0f339bfb04c828b1a11add5bedb53eb7754688658fcdf2f132899e2197533e27cf34f2ba21f87e179febd327
SHA1 hash:	56209458b24609689ae7b3e444232ac7f459d13b
MD5 hash:	6b6e64e1705b5d77013f3e596e66d76d
humanhash:	helium-virginia-april-five
File name:	Tax Invoice - INV000164900.xll
Download:	download sample
Signature	Smoke Loader Create hunting rule
File size:	664'064 bytes
First seen:	2022-03-14 18:54:57 UTC
Last seen:	2022-04-20 09:48:06 UTC
File type:	xll
MIME type:	application/x-dosexec
imphash	0d1c2e8773adbfbc64d57aab36998066 (3 x Smoke Loader, 1 x Formbook, 1 x ArkeiStealer)
ssdeep	12288:TfBUkVbwLSI5/Q8OF8bzbBSretOi1uWD242S6+4k4am:lUrO2X1wDWeS6Za
Threatray	73 similar samples on MalwareBazaar
TLSH	T164E46B56BEC66EA2EF7F55B783A0EA3D1156736D03A08ACF760305993911FD2413EA03
Reporter	abuse_ch
Tags:	Smoke Loader xll

Intelligence

File Origin

# of uploads :

6

# of downloads :

153

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Artemis72747FBD137B.21410.26342.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

Office Add-Ins - Suspicious

Link:

https://app.docguard.net/11709f42889d6f9ab8ce1b9f64784a547282c48c0ce8c893b75e7d0def8dd36f/results/dashboard

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-vm greyware packed

Link:

https://www.filescan.io/uploads/622f8f920cd58dbd929877e8/reports/9c626cb5-1727-4cf8-b571-ff47bc75536d/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/11709f42889d6f9ab8ce1b9f64784a547282c48c0ce8c893b75e7d0def8dd36f/

Threat name:

ByteCode-MSIL.Trojan.Convagent

Status:

Malicious

First seen:

2022-03-14 09:45:41 UTC

File Type:

PE (Dll)

Extracted files:

3

AV detection:

13 of 27 (48.15%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cfyj6quitvxzvogodopwi6ckkrzifrembtumre5xlz6q334n2nxq._file

Verdict:

unknown

Similar samples:

288bdb52e7a511af92d68c3baec8d10ff18c2bde1d973a7ed1e947f56abdf2c0

3cd28f853fc7116ece78fbd0be25344d3831c89feba1658412a7dbce529ebab7

495c78e2baff2b6473e25a68c3d35f19a7822016e84266f346678399bd95b467

58949a88bbc21bbcdf1f1afc153ad4e499268a5cc1a6bbb50dd52adc50649dbc

876b4427b613ceebe5a4fa5a8d15e2d9473756c697db0c526dc84eb9bc7a3149

aa05432e0dd1c60d444b4809a8cb0f212cb5b7955ca7042f5af43c011a82a126

ca5b42fc1bbeea762b2170cc94b124ebb3731c68e445e78881fb2cc8fa6b1ccd

cd856b20a5e67a105b220be56c361b21aff65cac00ed666862b6f96dd190775e

d76182aef0d25dcc9d6ddfffc5578d42ace4a7525ead3e4fa2070c33f142f042

f62a1c42d31a2665f1fe2ecec1895645750529f6eb9ce4a3421439bd1bff3171

+ 63 additional samples on MalwareBazaar

Result

Malware family:

smokeloader

Score:

10/10

Tags:

family:smokeloader backdoor collection suricata trojan

Link:

https://tria.ge/reports/220314-xks7gadbfn/

Behaviour

Checks SCSI registry key(s)

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Accesses Microsoft Outlook profiles

Loads dropped DLL

Downloads MZ/PE file

Executes dropped EXE

SmokeLoader

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/11709f42889d6f9ab8ce1b9f64784a547282c48c0ce8c893b75e7d0def8dd36f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample