MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 249df49fd640dc7efbfc27fc2eb836bcff0090557f1b65bb710645cea68c296f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Smoke Loader

Vendor detections: 6



SHA256 hash: 249df49fd640dc7efbfc27fc2eb836bcff0090557f1b65bb710645cea68c296f
SHA3-384 hash: 89014b16e367f131afe8362dbf1ae73e28f207a516872ff445696d9a5be1ffa99932bea8357c185aace7a1858959d8aa
SHA1 hash: 9bda82d2e0579350fdb6173fab844ab141fd968a
MD5 hash: 3bfd999eda204b57268a50624de91537
humanhash: undress-saturn-magnesium-mockingbird
File name: 45d.hta
Signature: Smoke Loader
File size: 93'782 bytes
First seen: 2022-05-26 08:12:07 UTC
Last seen: Never
File type: HTML Application (hta)
MIME type: text/html
ssdeep: 768:wFsf/zmmuBsG4IoAyh0fZDuQfqw4knjco4XVrNDhrs/aZON4I:wFk/uBihQfqw4kn6VrDrs/aZOL
TLSH: T17D935F36050A398F96E12E66A79C3EB6B8D05C63DCC8BCF3F558859C077F58E8484E46
Reporter: Finch39487976
Tags: EternityWorm hta

Intelligence

File Origin
# of uploads: 1
# of downloads: 265
Origin country: n/a
Vendor Threat Intelligence
Verdict: MALICIOUS
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 100 / 100
Signature:
Antivirus detection for URL or domain
Machine Learning detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
Powershell drops PE file
Suspicious powershell command line found
Very long command line found
Behaviour
Threat name: Script.Downloader.SLoad
Status: Malicious
First seen: 2022-05-22 00:39:55 UTC
File Type: Text (VBS)
AV detection: 7 of 26 (26.92%)
Threat level: 3/5
Malware family: n/a
Score: 10/10
Tags: suricata
Behaviour:
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Downloads MZ/PE file
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments