MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40e7d0c9f2e846c55ab450848c817c58c1423ec2f9af57595fc8a829af63fa63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Smoke Loader
Vendor detections: 6



SHA256 hash: 40e7d0c9f2e846c55ab450848c817c58c1423ec2f9af57595fc8a829af63fa63
SHA3-384 hash: f214a2762beffb53e52eb7931096ecc21a130d06f689e376c99a198191f468bf29023e1b58c6430593817f418cc7ca45
SHA1 hash: f0e7eb239555ca6d35645ef2f9c8972f4c6945a3
MD5 hash: 36157d5e337748f90187c4d02e08d8a9
humanhash: coffee-beer-coffee-fifteen
File name: 8351f8d6706e5fd316edb6ac296df3b6
Signature: Smoke Loader
File size: 163'840 bytes
First seen: 2020-11-17 12:12:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 56a7962f46adbe8366bcec27ea5f2542 (2 x ArkeiStealer, 1 x Smoke Loader, 1 x Ramnit)
ssdeep: 3072:jhWXLFcO1sQRhUmDCJi/NlcABMrIflDoLMel2YO9Ssx5WKpnu:aFcOKQRZDVNlv/0LMyBoT
Threatray: 193 similar samples on MalwareBazaar
TLSH: 22F39D1134E5C0B2D5E7157B8070C7B05EBBBC672B726D8F2B9532B84F35AE1962130A
Reporter: seifreed
Tags: Smoke Loader

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %temp% directory
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
DNS request
Deleting of the original file
Enabling autorun by creating a file
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-17 12:17:34 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family: smokeloader
Score: 10/10
Tags: family:smokeloader backdoor trojan
Behaviour
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
Deletes itself
Loads dropped DLL
SmokeLoader
Malware Config
C2 Extraction:
http://vot552.com/upload/
http://offce221.com/upload/
http://lavanda.best/upload/
http://kinolive.best/upload/
Unpacked files
SHA256 hash: 40e7d0c9f2e846c55ab450848c817c58c1423ec2f9af57595fc8a829af63fa63
MD5 hash: 36157d5e337748f90187c4d02e08d8a9
SHA1 hash: f0e7eb239555ca6d35645ef2f9c8972f4c6945a3
SHA256 hash: 710c50026519950c3781a642c94a48a412cbd023eff8dff60d715a022867f6fb
MD5 hash: 93006eeec334d77cc38e530fcd3ce9b8
SHA1 hash: 1202c127dfaaaf07052f0c2ee9d7b95e7e533bc7
Please note that we are no longer able to provide a coverage score for Virus Total.
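The C2 URLs and unpacked-file hashes above are the actionable IOCs on this entry. The following script is an added example, not part of MalwareBazaar or the sandbox output, showing how a detection engineer would turn them into a matcher over proxy, DNS and file-hash telemetry. The IOC values are copied from the entry; the Squid-style proxy lines, DNS query lines and EDR-style file events are constructed sample input. It matches on the C2 hostname (exact or subdomain), not the full URL, so a request to a different path on the same C2 host still fires, and it deliberately does not match a C2 domain that merely appears as a label inside another name.

```python
"""Match the IOCs from this MalwareBazaar entry (four Smoke Loader C2 URLs and
the SHA256 hashes of the two unpacked files) against constructed log data.
Added example; the log lines below are made up, the IOCs are from the entry."""
import re
from urllib.parse import urlparse

# IOCs copied from the entry above.
C2_URLS = [
    "http://vot552.com/upload/",
    "http://offce221.com/upload/",
    "http://lavanda.best/upload/",
    "http://kinolive.best/upload/",
]
SHA256_IOCS = {
    "40e7d0c9f2e846c55ab450848c817c58c1423ec2f9af57595fc8a829af63fa63",
    "710c50026519950c3781a642c94a48a412cbd023eff8dff60d715a022867f6fb",
}


def c2_domains(urls):
    """Lower-cased hostnames extracted from the C2 URLs (scheme/path dropped)."""
    return {urlparse(u).hostname.lower() for u in urls}


C2_DOMAINS = c2_domains(C2_URLS)


def is_c2_host(name):
    """True if name is a C2 domain or a subdomain of one.
    'offce221.com.evil.example' is NOT a hit: the C2 label is not the suffix."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


# Constructed sample input (not from the page).
PROXY_LOG = """\
1605614000.123    412 10.0.0.15 TCP_MISS/200 1870 POST http://vot552.com/upload/ - HIER_DIRECT/203.0.113.10 text/html
1605614001.456    118 10.0.0.15 TCP_MISS/200 9024 GET http://example.org/index.html - HIER_DIRECT/198.51.100.5 text/html
1605614002.789    305 10.0.0.22 TCP_MISS/404 512 POST http://LAVANDA.best/gate.php - HIER_DIRECT/203.0.113.11 text/html
"""
DNS_LOG = """\
2020-11-17T12:20:01Z client 10.0.0.15 query: kinolive.best IN A
2020-11-17T12:20:02Z client 10.0.0.15 query: www.microsoft.com IN A
2020-11-17T12:20:03Z client 10.0.0.22 query: offce221.com.evil.example IN A
2020-11-17T12:20:04Z client 10.0.0.30 query: cdn.vot552.com. IN A
"""
FILE_EVENTS = [
    {"host": "ws15",
     "path": r"C:\Users\u\AppData\Local\Temp\8351f8d6706e5fd316edb6ac296df3b6.exe",
     "sha256": "40E7D0C9F2E846C55AB450848C817C58C1423EC2F9AF57595FC8A829AF63FA63"},
    {"host": "ws22",
     "path": r"C:\Windows\System32\notepad.exe",
     "sha256": "0" * 64},
]

URL_RE = re.compile(r"https?://\S+")
DNS_RE = re.compile(r"client (\S+) query: (\S+) IN")


def match_proxy(log):
    """(client_ip, c2_host) for each proxy line whose URL host is a C2 host.
    Squid native format: timestamp elapsed client code/status bytes method URL ..."""
    hits = []
    for line in log.splitlines():
        m = URL_RE.search(line)
        if not m:
            continue
        host = urlparse(m.group(0)).hostname  # urlparse lower-cases hostname
        if host and is_c2_host(host):
            hits.append((line.split()[2], host))
    return hits


def match_dns(log):
    """(client_ip, qname) for each DNS query whose name is a C2 host/subdomain."""
    hits = []
    for line in log.splitlines():
        m = DNS_RE.search(line)
        if m and is_c2_host(m.group(2)):
            hits.append((m.group(1), m.group(2).rstrip(".").lower()))
    return hits


def match_hashes(events):
    """(host, path) for file events whose SHA256 is one of the unpacked-file IOCs.
    Hashes are compared case-insensitively; EDRs often emit upper-case hex."""
    return [(e["host"], e["path"]) for e in events
            if e["sha256"].lower() in SHA256_IOCS]


if __name__ == "__main__":
    for hit in match_proxy(PROXY_LOG) + match_dns(DNS_LOG) + match_hashes(FILE_EVENTS):
        print("IOC hit:", hit)
```

Hostname matching is the robust choice here because Smoke Loader's gate path (`/upload/` on this sample) is configuration, not infrastructure; the domains are what the operator has to keep stable. Hash matching only catches this exact build, so treat the SHA256 hits as confirmation, not as the primary detection.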

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
