MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c265e4069a993ec44021ed7750ca9bd7c1f43cdfac38a8c7bdd10ec5e2e320b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Smoke Loader


Vendor detections: 16


Intelligence 16 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c265e4069a993ec44021ed7750ca9bd7c1f43cdfac38a8c7bdd10ec5e2e320b
SHA3-384 hash: f1dd477cea89f21911d846a9748fb71d4ae6e35a5d3cf3f81fb6ac23cc0b404e42cdd0bd54b42a98fb65112d5983bf3d
SHA1 hash: 044a9441bcac36d326c41da9b597bc55eae2ee21
MD5 hash: ab0afae150cd2cbfcc7cb1b27c7183ac
humanhash: papa-twelve-spring-beer
File name:file
Download: download sample
Signature Smoke Loader
Create hunting rule
File size:193'536 bytes
First seen:2023-02-15 17:04:15 UTC
Last seen:2023-02-15 18:31:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 39de7fa9d5db754ecbe7ddc0a550cc7e (4 x Smoke Loader, 2 x RedLineStealer, 1 x AuroraStealer)
ssdeep 3072:BCaAesTG/kT6o+0DYj3BsqtVuoBJnwSVpqxvvaDuTW:BbAe/kTZo3TtVuo/fWZva
Threatray 752 similar samples on MalwareBazaar
TLSH T14014DF1332E0A471D52746319D25D6E47E6EF893CE78DB4F23181A3F0E706E29A7A352
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 9094e4c2cae2e2c2 (1 x Smoke Loader)
Reporter andretavare5
Tags:exe Smoke Loader


Avatar
andretavare5
Sample downloaded from https://chegaacores.com/systems/ChromeSetup.exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
204
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
smoke
Create hunting rule
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-02-15 17:05:47 UTC
Tags:
trojan loader smoke
Link:
https://app.any.run/tasks/cf707c77-4a9f-49d3-9507-8d1e7d56c20b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
SmokeLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/366788/
Detection(s):
Sanesecurity.Malware.28842.BadO.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Сreating synchronization primitives
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
DNS request
Sending an HTTP POST request
Query of malicious DNS domain
Unauthorized injection to a system process
Enabling autorun by creating a file
Sending an HTTP POST request to an infection source
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
75%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/63ed10c054f64beb90112623/reports/2bad46ec-50ca-426b-9671-284b12aca669/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/2c265e4069a993ec44021ed7750ca9bd7c1f43cdfac38a8c7bdd10ec5e2e320b
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/901184e2-2814-4a74-b59c-97236793de48
Result
Threat name:
DanaBot, SmokeLoader
Create hunting rule
Detection:
malicious
Classification:
troj.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1175942
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c265e4069a993ec44021ed7750ca9bd7c1f43cdfac38a8c7bdd10ec5e2e320b/
Threat name:
Win32.Trojan.Privateloader
Create hunting rule
Status:
Malicious
First seen:
2023-02-15 17:02:31 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
19 of 25 (76.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fqtf4qdjvgj6yracd3lxkdfjxv6b6q6n7lbyvdd33uioyxrogifq._file
Verdict:
malicious
Similar samples:
0be325e7d3253f609917be317217169fffd3af10664b3035927bdb7f50f4f41d
Smoke Loader
15177b57aeee8322fd44fda943d9224bee553c9517c9a8955c08f3d80682bb4c
Smoke Loader
37a7fe464a2e4852950feedc32c31af0fcfcd350de09d2028e73f5f6ca8de55d
Smoke Loader
4177d0b3bd33718071bb18ed5d457c9080df26b2d1b60242ef08eb68c0f457ef
Smoke Loader
67cc54d36f348c5f1704a06e97e41231c03b2dbdef788f360f9d66bfed44e7cc
Smoke Loader
6b9ba8142fbc33fe4836047a4a92a5d2c75c407044737ae2dcc2b16a55ae7016
Smoke Loader
8a2df8d3e911f07d376b95581aef69926656faa9180e706bffd1c01af84341c7
Smoke Loader
d00233d6a2138fc3e66073bc98545522b3236d8448d008beab0fddf694688219
Smoke Loader
e0bd77d953de9c400b8338ca69f2aeb4eadfae945c75081b3c61fcc23ede76ee
Smoke Loader
e806273d406508ca7b868dab08703861cef202de832ca2976bc33381b1b0a98f
Smoke Loader
+ 742 additional samples on MalwareBazaar
Result
Malware family:
smokeloader
Create hunting rule
Score:
  10/10
Tags:
family:smokeloader backdoor trojan
Link:
https://tria.ge/reports/230215-vlt42sch79/
Behaviour
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Program crash
Executes dropped EXE
Downloads MZ/PE file
Detects Smokeloader packer
SmokeLoader
Unpacked files
SH256 hash:
b8c138127a493332b964dcf0f19b2011c902cd23a672827816d3d88618076a97
MD5 hash:
a936220cf66ecc8594b53fbd94ca7253
SHA1 hash:
8ba7c23f5e46b697cb297c291153e0dfcc4eae2e
Detections:
win_smokeloader_a2
Create hunting rule
SmokeLoaderStage2
Create hunting rule
Link:
https://www.unpac.me/results/0b302d7d-23f5-4877-982f-c1d040b2760f/
Parent samples :
695c14d27171f9d8606571fad11404b5cbda354b1e17cb014e3e2d95fd77fa36
51f9775a943c2a60a5a91a735db752920c2a5caad51ba190e4f7e3af3c7d144d
ebf3d58e41457acc722c1abec57661c7a8bbb580db62177a3d25ba4405f4dafc
d88d2826c07358bf80c09379121d77e21077f7261a6ac7bb3daaea95e7692cb8
9769412727355afacbe12462bf964f8f1f509ef80ed52783f1fbad5b3cfb8983
9ce9dffd37ec53a9834ca8176c8c8515cb6882fda39afa9dc748f427541b7922
323d285f670c92118fa148f0511a13c2d3fb12806a3c50e050946590ebc19881
084c0aa92e9a0cc7c14f9bf1215cc72f56aabb22d8ec7283abf77d4be03c7c98
dcbd0a559aa1138a8e2330c5590c96f791217bac951a6c7c1ba4ff7419cb525d
90988c815a0d7bca3e0e8cc3ebde74d55e3eda874687ed7b92bb3528c2745d57
daefa1992110b9e7aadbf7364e36e621e389a3b92ea9f6b4f3c4debe9f7cc7d8
2735371bbffec3c5d97b7b5f060485920a152a70629215cba0d66c91142009f0
158004c34b25ef3e94f1664151012731bcb029a905205f16c42c4f3087f129ee
88354b37427492c5730a4d0d8576c612ae355dcbddc8e3260e1aa5e5f429909c
32cb8276e6a47e5ab898033755df317af903c775ad2ee52b393a306f9e01b77c
be943cff3ddc8fddaba89b354a54c6097cc4182be24253bf5edfd06565ad5f90
e2145cb74caf435887344832b31954afd855e60d07cfa5fe2a0bcc4a32b8c363
30c06bafae44cd57f824a3c46aa9e0422e03d0c768b5c3b677b1fffb3eb39c57
5805c23899dfad2a84e063f4f34539b5b4916c862079187f4aea834d38079cd5
332614b22c53277ac5dbb94592ebf8c15ea7e680eb27dc518b4e7dd5687bf293
fd99ddb07c2d6a4f4df3135cacad2bb5b973bff45a11e83e218404cb50334b5f
dd31b8c887812dd8728b473eea574b42c73d73920986de404acc41659b0fe274
59a741423dbe977bb9d2bcf02b14d5670c20fffbba23facdb75cd737f5dea148
6a70b03b40e70adfb5612dd2f02d82203629c77240dbe0dc67b062f0ba49876d
f332476a37fa86870eb0563e638376f6bc3e17956c7839aecb133596548e743b
1d7021756ccaacb34ee59cf131e3b1b3ae688edd103fcef18c60606b5e14b21e
526c981f4e061a5053f223166f3a26109a70e5a74abc3954f5ca352a98584d6a
9e957c5a40fbf1fc5f2db25e0529fa95ca80a72897c32fd97736927a0b9eb174
94ff4e97196284c9e00726860f888276b1470ca9e0d47a19d7b917de927829b5
1a28123e32b8df8688f8311cd6f01776ef8a1208ac28501529322ae2ea951e0d
ea90e9a64e47feec4e20a41bc22ea2aca6fb0d16eb133d8ac6265d9d71981425
661311e040b8c7b47c81fd052c3a5f55d8822f9a92d8074fcc542966c8cebda7
b77629961b948cdbdbdeaf4784369e272580973ca0a2c835a6519c68497c0704
43886c06b5cb90a79919994b9304522c3c75b18b75d3aba5d8feddc2511b5b2e
6feb91b9bb98df912f9f63b2197d9998c3e89b86bc25f3f9b69f2b0271224eb4
d5007c6ee5d4b18a54eadb54235c7bebdfc94c73aa8755a1e26a5dd72fda4aa4
f985c99e9c17fdafd802183eccd0bb408ce549206a0e0ee61dff5b3609b822ff
82e4aaa11c00142ac6392578d23f3b60e64328fb62a0234687f0abbe05b09413
fd5d62e0dadeb6b5689315787863b19fef9b6902eff93cc93a8ffe8cbc7eef10
750530f9eed2ba0aa0c26003d2e4b8f038f897bee6cf64682db8ef1727828e2a
c8584c11e28e28971df30f5420845b122b3c95cb8ebe7dc770b3f8bb0e3df08f
b6e2d6fe05a317b2597e3660c2c923fa9e2a78154b6232727d3c7ac576118d5e
488747c95f1b20ada2e4b0760bbe1612fb8d919ed94d1f6afc50edab170e23d0
c38b5c389f8a644d14a328ca4bfb0281dd641d6002f4614e7398ac9845288e16
060208ea4e6c1ca1d59ca879f1444b261d1df8e60d082305978ae3343325f5ec
62b09d92565241be83096a78a7dcd5a550c25788e711cef9d52bf95e9bfeb60c
f53c98f2df049ee0dcc4ac46eb7bad1c911ae5133b3c2fb6132437699595399e
dd320e81674ac8fbce7a800948e73dcf854372cfc803091e81a6424086c543ec
b3676dc3ed909078174a8c2a7a19180b801d7018dada81e43cc56678b8392239
455bcfc3c5a58b6092fd6cba0874c4f8146cc1488914553c9cdace1aa25bb436
2e38d79d03f31bc45af06b97dabb3cdf3044a104445e381e9ea1d2861baeb326
73023c7983cb881182a5b6374a0aa00c6717f80ab86dbb5eb7444618a57091ac
dc721c83e8f5229c968ed884a629b0c685618c8323f3b9781575938e3ee8e7cd
7c0dd6ad5b191a2698e31344e0beae2a2547f09096ab2490a232f8545f13767f
d0fc3833c4afe9b5ff6bada0b6ff6f59cd82b0a16f69cdcee9ad85505880bead
fd39d2e48518f2af7f710b62ccea1b5990269a07066663f9b4e0e637b98791c1
8a2df8d3e911f07d376b95581aef69926656faa9180e706bffd1c01af84341c7
4177d0b3bd33718071bb18ed5d457c9080df26b2d1b60242ef08eb68c0f457ef
aa7af3189c969ce9228c0ec3cf7eda0ffcd908b46d99c416be6c8e65386cf22d
770f7c319c044756f5c8c405e29f880a2f4dee039a755bbd5b48a28351568472
3278b88e722066e5a1a1a78c1b5ef956b8a624afafa239b832f02ce5ea4124f4
e4f665bed3b5df1f87aa3cb30989c69f252fb889a3e26884e5e9858d3d9cb656
2c265e4069a993ec44021ed7750ca9bd7c1f43cdfac38a8c7bdd10ec5e2e320b
51c5649c6dfa46f694fa3aa6e80ea015d8f3a9b66e016dfc0d19022bdf937263
cd2d82d5bda0b80eb94f06fbb47f1d7e2f57e7b9fc71cadc703917575eb72521
7d14ed924cd3b950a852070e34d4f8e82ba8304aed64ab99e4ae06c4873678ed
1d0f1e5c28621d7f32c9306a48400f3f69cf0bdde0042d33ebae1db190592d01
adc2da3b4abfed5a1459303456fe4b4743d91800d22cb108143ff2031e7b5206
fb4950bff0a9a33d985477a59208c9dc05198d186cc0009f0ebba58a3ecc8046
4a04657c18dbaa3713aa99369d42b6a6e2995dcf3af2e083730c78d56701e08b
b466be611c7dcbda603596a11d17aeaea5f717fa8eb7e450adf8dac4e58ec9f5
ce53672ed18824b09e7d87ba9bb9e3fbdb6ab6309d301c3ca97be97cae5c7551
c5d28844e1e9f1a0eea2542d279ec7b55b75a065df5ddc26a2c1be4395b53bdd
f9e4b629bbdd2e3ffc36787f6ecd53a20f6aab23587af2057aa8dbf7c406dcd0
f3023985d6f2ad22cfb6cb0635aef04b002a38e6da8b83ba970c9e34bcd8fdfe
cbbf203f9cdaccef593ec50a4ab2738a21fbb3850c0c74ea531bbb219a55af20
0e4722653d9d917e35cd403924899bf3d66515b4e7d9d2000ff0ace516b7d95d
78248761477b304110999b2001fd5af367c907c699d39a27380d1690ca476115
77b57f2918cad8432979891872b6ee6951aa17fccf7596d5897e629b47fefed9
ccd6abd200a65c6a88127b7f03c7dbb84887d250206f79ad37353ae014a7cb84
1b1f39a21ca69164e2a39114e310192867b49cdfcf042fc8def9b6842e0fd88a
0ef0b37c1e90843380634dc1dddc087a1c556f8ff4dca1c17842dfef8d35fc42
18a5a4af0467d0f0eeb9420d2654d518a7eeda6faf5198fd04bf10a401970d43
1f2acb47387b977fdc156664571219ac6ad0bf11c47bfc15b243b17215c43912
4c9c65c2399e6dec22bbf1a84a3289ea5dbce81676511fdb265f06f479f7da22
8b3b4feb7e618ca90501b51baf15bc9e7b210c8a7cdc12dff5a1a3af1b27215d
fda645481f01db3d67ee5b42d6a46a1b14b106eaa5e46e218056eca7249aba73
7e34427c5e75c608f0dab76a16cda2cd905ca138d05cfde4b544b9f7b1d55da6
d7af0e72cf1229d0b6012ca312ae05c3d96e31539ebbc6125e7cbac7a5ec0704
9c0b09a6e1486495472b4ddab3cc9f9e362ffe1843c2f4b40b1174d7b0e85110
SH256 hash:
2c265e4069a993ec44021ed7750ca9bd7c1f43cdfac38a8c7bdd10ec5e2e320b
MD5 hash:
ab0afae150cd2cbfcc7cb1b27c7183ac
SHA1 hash:
044a9441bcac36d326c41da9b597bc55eae2ee21
Link:
https://www.unpac.me/results/0b302d7d-23f5-4877-982f-c1d040b2760f/
Malware family:
SmokeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/2c265e4069a9/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2c265e4069a993ec44021ed7750ca9bd7c1f43cdfac38a8c7bdd10ec5e2e320b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2539402/
  
URLhaus
https://urlhaus.abuse.ch/url/2538701/
Cape
Cape
https://www.capesandbox.com/analysis/366788/
  
URLhaus
https://urlhaus.abuse.ch/url/2539629/

Comments