MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 725ef7921a3bbdcdaab5c323e98a7117e98dc77ec8867d08be590645beffd0ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Smoke Loader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	725ef7921a3bbdcdaab5c323e98a7117e98dc77ec8867d08be590645beffd0ae
SHA3-384 hash:	28421b8cc6436e5f47d0bbf416b13fd36343d680ebd72570116f7f687cc174a56feb8de4cd543da2f072c7dcb67663a3
SHA1 hash:	a21410605b8fa028552c5ab914fa0bea7b59cacf
MD5 hash:	4b23667c0764fe7ecd0171b1eec76e32
humanhash:	blue-wyoming-undress-nine
File name:	Statement - February 2022.xll
Download:	download sample
Signature	Smoke Loader Create hunting rule
File size:	580'096 bytes
First seen:	2022-03-16 07:59:05 UTC
Last seen:	Never
File type:	xll
MIME type:	application/x-dosexec
imphash	f20a8db3e4a8c03c1ab177b2660fdd78 (4 x Smoke Loader, 3 x AgentTesla, 2 x Gozi)
ssdeep	12288:qzLjlZHAt+AZrkOCH8bzbBSrejOi1uWD242S6+4z:qzLhltAdkjcX1CDWeS6Zz
Threatray	76 similar samples on MalwareBazaar
TLSH	T164C4AE57F6E77A65E6AFC1BAC6B1C92D62B3309612B0C3CE774055492D22392483DB0F
Reporter	abuse_ch
Tags:	Smoke Loader xll

Intelligence

File Origin

# of uploads :

1

# of downloads :

157

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

725ef7921a3bbdcdaab5c323e98a7117e98dc77ec8867d08be590645beffd0ae.zip

Verdict:

No threats detected

Analysis date:

2022-03-16 13:48:51 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/aae477ea-1d5f-42dc-9dbb-265ca1da4982

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.MSIL.TrojanDownloader.Agent.KOL.21355.14570.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

Office Add-Ins - Suspicious

Link:

https://app.docguard.net/725ef7921a3bbdcdaab5c323e98a7117e98dc77ec8867d08be590645beffd0ae/results/dashboard

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/623199270cd58dbd92a504de/reports/242b606c-928c-42f4-bebf-73f05f9f3aff/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/725ef7921a3bbdcdaab5c323e98a7117e98dc77ec8867d08be590645beffd0ae/

Threat name:

ByteCode-MSIL.Trojan.Convagent

Status:

Malicious

First seen:

2022-03-16 08:01:30 UTC

File Type:

PE+ (Dll)

Extracted files:

3

AV detection:

20 of 27 (74.07%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ojpppeq2ho643kvvymr6tctrc7uy3r36zcdh2cf6ledelpx72cxa._file

Verdict:

unknown

Similar samples:

06062b94f5122b8e90cca9c672de8d16f9ea095d4f0888549583d280426b7940

11709f42889d6f9ab8ce1b9f64784a547282c48c0ce8c893b75e7d0def8dd36f

181e8199c373271be6ab13287d4722e60d6839d4611893d1748d69d939097900

288bdb52e7a511af92d68c3baec8d10ff18c2bde1d973a7ed1e947f56abdf2c0

3cd28f853fc7116ece78fbd0be25344d3831c89feba1658412a7dbce529ebab7

6818b517efdacfd1d0862de4ef52c1f6a88708fa156352290b6673c394f37645

aa05432e0dd1c60d444b4809a8cb0f212cb5b7955ca7042f5af43c011a82a126

ca5b42fc1bbeea762b2170cc94b124ebb3731c68e445e78881fb2cc8fa6b1ccd

cd856b20a5e67a105b220be56c361b21aff65cac00ed666862b6f96dd190775e

f62a1c42d31a2665f1fe2ecec1895645750529f6eb9ce4a3421439bd1bff3171

+ 66 additional samples on MalwareBazaar

Result

Malware family:

smokeloader

Score:

10/10

Tags:

family:smokeloader backdoor suricata trojan

Link:

https://tria.ge/reports/220316-jvfggahbgk/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Modifies registry class

Program crash

Loads dropped DLL

Downloads MZ/PE file

Executes dropped EXE

SmokeLoader

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/725ef7921a3bbdcdaab5c323e98a7117e98dc77ec8867d08be590645beffd0ae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample