MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Smoke Loader

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a
SHA3-384 hash:	8f7eec69fb8e2055d00aa839fe999b9dbc2433ca5a22598f0bb0b9ed136f3a11d40bba97a7a1e648a24ad6810bffd964
SHA1 hash:	027a3ab24639f8193423c3bf7da5f625425ed3cd
MD5 hash:	1c81d39894f42da6e2852cb33c92ae96
humanhash:	sink-arkansas-lemon-nitrogen
File name:	6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a
Download:	download sample
Signature	Smoke Loader Create hunting rule
File size:	212'992 bytes
First seen:	2026-06-05 06:53:21 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d5a847c34533678aed49adc081077cf1 (1 x Smoke Loader)
ssdeep	3072:tnixR0siS3NSMEN6mKmGli2do7TH/nUKQb7GGGNQ1Hafy9:IxJ9EN6mXKBKuGGG6Qf
Threatray	3 similar samples on MalwareBazaar
TLSH	T1BA24086BC25371FCE652C07892663235AB72B53C47349EFB02A2D7309D61AD05F7A938
TrID	51.9% (.EXE) Win64 Executable (generic) (6522/11/2) 16.1% (.EXE) OS/2 Executable (generic) (2029/13) 15.9% (.EXE) Generic Win/DOS Executable (2002/3) 15.9% (.EXE) DOS Executable (generic) (2000/1)
Magika	pebin
Reporter	JAMESWT_WT
Tags:	Click-Hijacking-TDS exe Smoke Loader

Intelligence

File Origin

# of uploads :

# of downloads :

123

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a.exe

Verdict:

No threats detected

Analysis date:

2026-06-05 06:57:12 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/abc25fbe-d737-4bf8-a5e0-8c9561935821

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/69134/

Detection(s):

SecuriteInfo.com.Trojan.Siggen32.25821.29732.28672.UNOFFICIAL

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a2272a8f8676ad4d3614768

Tags:

stealer trojan virus

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

adaptive-context overlay

Link:

https://www.filescan.io/uploads/6a2272a2099ef368af210d46/reports/5172fa03-43de-42b4-a651-570d016ee5fd/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a

Verdict:

Malicious

File Type:

exe x64

First seen:

2026-02-18T10:42:00Z UTC

Last seen:

2026-06-05T05:37:00Z UTC

Hits:

~10

Detections:

Trojan.Win32.Agent.gen Backdoor.Win32.Agent.myxdnx Backdoor.Agent.HTTP.C&C

Link:

https://opentip.kaspersky.com/6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/ec505e56-659f-4831-a948-cbb33b7a8072

Score:

95%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a/

Verdict:

Malicious

Threat:

Family.SMOKE LOADER

Link:

https://tip.neiki.dev/file/6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a

Threat name:

Win64.Infostealer.Generic

Status:

Suspicious

First seen:

2026-02-19 02:46:03 UTC

File Type:

PE+ (Exe)

AV detection:

23 of 36 (63.89%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=n5lfwznqpt6pawfvtknrv3fxutvxbiembaabzvbw5yyfcpk5z2fa._file

Verdict:

malicious

Label(s):

remus

Smoke Loader

Result

Malware family:

remus_stealer

Score:

10/10

Tags:

family:remus_stealer stealer

Link:

https://tria.ge/reports/260605-hphh7sbz6w/

Unpacked files

SH256 hash:

6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a

MD5 hash:

1c81d39894f42da6e2852cb33c92ae96

SHA1 hash:

027a3ab24639f8193423c3bf7da5f625425ed3cd

Link:

https://www.unpac.me/results/b78ac428-40b5-448e-85e3-d7eeae17942e/

Malware family:

RemusLogger

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/6f565b65b07c/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.42

Link:

https://yomi.yoroi.company/submissions/6f565b65b07cfcf058b59a9b1aecb7a4eb70a08c08001cd436ee30513d5dce8a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/69134/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample