MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7913434df606acbc614781c9133a7e515306bb00eb8c062d042b736020122ad9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Smoke Loader

Vendor detections: 16

SHA256 hash: 7913434df606acbc614781c9133a7e515306bb00eb8c062d042b736020122ad9
SHA3-384 hash: 1e18f8b9dcc0a2bc3e783fe3a0b3e7753c12329858b194b52c96e45a40a251ed90779bb19805d6edc93884ca6ed47b21
SHA1 hash: 6c7d05a001ee83c48f27b674479c225358242772
MD5 hash: 5ebc526271bb401675ac57dca9a44e89
humanhash: mars-item-ohio-yellow
File name: 5ebc526271bb401675ac57dca9a44e89.exe
Signature: Smoke Loader
File size: 194'048 bytes
First seen: 2023-12-11 14:57:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: bcb945da6d587ee0214ea3353c638407 (2 x Smoke Loader, 1 x LummaStealer, 1 x RemcosRAT)
ssdeep: 3072:s07gIqLEHi+kKRt5jQxOBp8cPMllvOVRL+pF2/Z6yE4ZhL5Qvg7:jgIqLKi+1R+eRIvOVqFmZ6D4Z
Threatray: 1'387 similar samples on MalwareBazaar
TLSH: T16E149D3292E17C51E567CA328E2E92E8362EF5514F99776E32088A3F04710BDD2E375D
TrID: 46.6% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
      25.2% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      8.5% (.EXE) Win64 Executable (generic) (10523/12/4)
      5.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      4.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
dhash icon: 0030c09030341000 (2 x Smoke Loader, 1 x Stealc, 1 x RecordBreaker)
Reporter: abuse_ch
Tags: exe Smoke Loader
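The imphash on this entry is shared with samples tagged LummaStealer and RemcosRAT as well as Smoke Loader. That is not a mis-attribution: imphash is an MD5 over the static import table alone (each DLL name lower-cased with a trailing .dll/.ocx/.sys removed, joined by a dot to each lower-cased function name, comma-separated in import order, with ordinals mapped to names for a few well-known DLLs), so every binary wrapped by the same crypter or packer stub shares it whatever payload it carries. The script below is an added example, not MalwareBazaar's code and not derived from this sample: it reimplements the construction that pefile's get_imphash performs, on a constructed import table, so the pivot's strengths and limits can be seen directly. The ordinal table is a small subset written from memory and is labelled as such in the code.

```python
import hashlib
from typing import Iterable, List, Tuple, Union

# Ordinal-to-name lookups for DLLs commonly imported by ordinal. pefile carries
# full tables for ws2_32, wsock32 and oleaut32; only a few entries are reproduced
# here, so treat this dict as an illustrative subset, not the reference table.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 23: "socket"},
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString", 7: "SysStringLen"},
}

# (dll name, functions imported by name or by ordinal), in import-directory order
Import = Tuple[str, Iterable[Union[str, int]]]


def normalise_dll(dll: str) -> str:
    """Lower-case the DLL name and strip a trailing .dll/.ocx/.sys, as imphash does."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else name


def import_string(imports: Iterable[Import]) -> str:
    """The comma-joined 'dll.func' list that imphash hashes; order is significant."""
    parts: List[str] = []
    for dll, funcs in imports:
        lib = normalise_dll(dll)
        for func in funcs:
            if isinstance(func, int):
                # Unknown ordinals become 'ordN', matching pefile's make_name fallback.
                fname = ORDINAL_NAMES.get(lib, {}).get(func, "ord%d" % func)
            else:
                fname = func
            parts.append("%s.%s" % (lib, fname.lower()))
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 of the normalised import string: the value MalwareBazaar lists as imphash."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


# Constructed, minimal crypter-style stub import table. A stub like this resolves
# everything else at runtime, so whatever payload it carries, the static import
# table (and therefore the imphash) is identical.
STUB_IMPORTS: List[Import] = [
    ("KERNEL32.dll", ["VirtualAlloc", "GetProcAddress", "LoadLibraryA", "ExitProcess"]),
    ("USER32.dll", ["MessageBoxA"]),
]


def same_stub_same_hash() -> bool:
    """Case and extension differences in the table do not change the imphash."""
    variant: List[Import] = [
        ("kernel32.DLL", ["virtualalloc", "GETPROCADDRESS", "LoadLibraryA", "ExitProcess"]),
        ("user32", ["MessageBoxA"]),
    ]
    return imphash(STUB_IMPORTS) == imphash(variant)


def reordered_stub_differs() -> bool:
    """Import order is part of the hash, so a re-linked stub pivots differently."""
    reordered: List[Import] = [
        ("KERNEL32.dll", ["GetProcAddress", "VirtualAlloc", "LoadLibraryA", "ExitProcess"]),
        ("USER32.dll", ["MessageBoxA"]),
    ]
    return imphash(STUB_IMPORTS) != imphash(reordered)


if __name__ == "__main__":
    print(import_string(STUB_IMPORTS))
    print(imphash(STUB_IMPORTS), same_stub_same_hash(), reordered_stub_differs())
```

On a real file, pefile.PE(path).get_imphash() is the reference and this reimplementation exists only to make the construction visible. When an imphash cluster mixes families, as it does on this entry, treat it as a crypter pivot rather than a family pivot, and fall back on the family-specific signals the entry carries (the extracted C2 configuration and the YARA matches) for attribution.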

Intelligence

File Origin
# of uploads: 1
# of downloads: 249
Origin country: NL

Vendor Threat Intelligence
Malware family:
ID: 1
File name: 5ebc526271bb401675ac57dca9a44e89.exe
Verdict: Malicious activity
Analysis date: 2023-12-11 16:55:12 UTC
Tags: loader smoke smokeloader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
DNS request
Sending an HTTP GET request
Query of malicious DNS domain
Sending a TCP request to an infection source
Enabling autorun by creating a file
Sending an HTTP POST request to an infection source
Gathering data
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mokes packed
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: SmokeLoader
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
Antivirus detection for URL or domain
Benign windows process drops PE files
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Detected unpacking (changes PE section rights)
Found malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected SmokeLoader
Behaviour
Behavior Graph (ID 1358554; sample run as iXRnZTjkko.exe, start date 11/12/2023, architecture WINDOWS, score 100):
Top-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 3 other signatures. Domain contacted: humydrole.com.
Process iXRnZTjkko.exe (started): Detected unpacking (changes PE section rights); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)); Creates a thread in another existing process (thread injection); injects into explorer.exe.
Process wdategh (started; the file dropped to %AppData%\Roaming): Machine Learning detection for dropped file; Maps a DLL or memory area into another process; Checks if the current machine is a virtual machine (disk enumeration).
Process explorer.exe (injected): System process connects to network (likely due to code injection or exploit); Benign windows process drops PE files; Deletes itself after installation; Hides that the sample has been downloaded from the Internet (zone.identifier).
Network, from the injected explorer.exe: humydrole.com resolved to 189.232.1.60 (UninetSAdeCVMX, Mexico), ports 49705, 49706, 49707; 175.119.10.231 (SKB-ASSKBroadbandCoLtdKR, Korea Republic of), ports 49741, 49742, 49743. The listed port numbers fall in the Windows dynamic port range (49152 and above), so they are the sandbox client's source ports rather than the C2 listening port; the extracted C2 URLs are plain http://.
Files dropped by the injected explorer.exe: C:\Users\user\AppData\Roaming\wdategh (PE32); C:\Users\user\...\wdategh:Zone.Identifier (ASCII).
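The graph above records the injected explorer.exe writing an extension-less PE32 named wdategh to %AppData%\Roaming together with its Zone.Identifier stream, and the "Hides that the sample has been downloaded from the Internet" signature. A cheap triage check on a suspect host is therefore to sweep Roaming for extension-less files that carry a valid MZ/PE header, and on NTFS to note whether they still have a mark-of-the-web. The script below is an added example, not from the sandbox vendor or from MalwareBazaar; the directory tree and the fake PE header it scans are constructed in a temporary directory so it runs anywhere, and the Zone.Identifier read only returns data on Windows/NTFS. The hidden-attribute check that another vendor's behaviour list mentions is Windows-only and is left out.

```python
import os
import struct
import tempfile
from pathlib import Path
from typing import List, Optional, Union


def looks_like_pe(path: Path) -> bool:
    """True if the file has an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    try:
        with path.open("rb") as fh:
            dos_header = fh.read(0x40)
            if len(dos_header) < 0x40 or dos_header[:2] != b"MZ":
                return False
            e_lfanew = struct.unpack_from("<I", dos_header, 0x3C)[0]
            # Keep the seek sane: real e_lfanew values are small, and a huge one
            # on a 64-byte file would just be a junk MZ prefix.
            if e_lfanew < 0x40 or e_lfanew > 0x1000:
                return False
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def zone_identifier(path: Union[str, Path]) -> Optional[str]:
    """Mark-of-the-Web stream contents, or None when absent (or not on Windows/NTFS).

    A freshly downloaded file normally carries this stream. A dropped payload that
    has had it stripped returns None even though its parent came from the Internet,
    which is the behaviour the sandbox signature describes.
    """
    try:
        with open(str(path) + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def find_extensionless_pe(root: Path) -> List[Path]:
    """Walk root (e.g. %AppData%\\Roaming) and return extension-less files with a PE header."""
    hits: List[Path] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            candidate = Path(dirpath) / name
            if candidate.suffix == "" and looks_like_pe(candidate):
                hits.append(candidate)
    return sorted(hits)


def build_fake_pe(size: int = 0x100) -> bytes:
    """Constructed MZ/PE header stub used as the test fixture; it is not an executable."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)  # e_lfanew -> offset 0x80
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


def demo() -> List[str]:
    """Populate a constructed Roaming tree and return the flagged paths relative to it."""
    with tempfile.TemporaryDirectory() as tmp:
        roaming = Path(tmp) / "AppData" / "Roaming"
        (roaming / "Microsoft" / "Windows").mkdir(parents=True)
        (roaming / "wdategh").write_bytes(build_fake_pe())                 # shape of the dropped file
        (roaming / "settings").write_bytes(bytes(0x100))                    # extension-less, not a PE
        (roaming / "Microsoft" / "Windows" / "notes.txt").write_text("ok")  # benign text file
        (roaming / "Microsoft" / "tool.exe").write_bytes(build_fake_pe())   # PE with an extension: not flagged
        return [p.relative_to(roaming).as_posix() for p in find_extensionless_pe(roaming)]


if __name__ == "__main__":
    for rel in demo():
        print(rel)
```

On a live host, point find_extensionless_pe at each user's Roaming directory and pair any hit with zone_identifier: an extension-less PE that lacks the stream, sitting next to a run key or scheduled task that launches it (the "Enabling autorun" and "Uses Task Scheduler COM API" behaviours reported on this entry), is worth pulling for analysis.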
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2023-12-11 15:18:17 UTC
File Type: PE (Exe)
Extracted files: 24
AV detection: 28 of 37 (75.68%)
Threat level: 5/5
Result
Malware family: smokeloader
Score: 10/10
Tags: family:smokeloader botnet:pub4 backdoor trojan
Behaviour
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Deletes itself
Executes dropped EXE
SmokeLoader
Malware Config
C2 Extraction:
http://humydrole.com/tmp/index.php
http://trunk-co.ru/tmp/index.php
http://weareelight.com/tmp/index.php
http://pirateking.online/tmp/index.php
http://piratia.pw/tmp/index.php
http://go-piratia.ru/tmp/index.php
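All six extracted C2 URLs share the /tmp/index.php path, which is the shape of the HTTP POST to the infection source that the sandbox reports above. The script below is an added example and is not from MalwareBazaar or from any sandbox vendor: it parses the list into host, port and path, defangs the URLs for a report, emits one Suricata host-match rule per C2 (the http.host sticky-buffer syntax of Suricata 5 and later is assumed, and the sid range is a local choice), and runs a matcher over constructed proxy-log lines in a made-up "timestamp source method url status bytes" format. Host matches are the strong signal; a bare POST to /tmp/index.php is flagged separately as weak, because that path is not unique to this malware.

```python
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted configuration on this entry.
C2_URLS = [
    "http://humydrole.com/tmp/index.php",
    "http://trunk-co.ru/tmp/index.php",
    "http://weareelight.com/tmp/index.php",
    "http://pirateking.online/tmp/index.php",
    "http://piratia.pw/tmp/index.php",
    "http://go-piratia.ru/tmp/index.php",
]


@dataclass(frozen=True)
class C2:
    scheme: str
    host: str
    port: int
    path: str


def parse_c2(url: str) -> C2:
    """Split a C2 URL into the pieces detection logic keys on (host lower-cased)."""
    u = urlsplit(url)
    if u.hostname is None:
        raise ValueError("no host in %r" % url)
    port = u.port or (443 if u.scheme == "https" else 80)
    return C2(u.scheme, u.hostname.lower(), port, u.path or "/")


def defang(url: str) -> str:
    """Render hxxp://host[.]tld/... so the indicator cannot be clicked in a report."""
    u = urlsplit(url)
    host = (u.hostname or "").replace(".", "[.]")
    netloc = host if u.port is None else "%s:%d" % (host, u.port)
    query = "?" + u.query if u.query else ""
    return "%s://%s%s%s" % (u.scheme.replace("http", "hxxp"), netloc, u.path, query)


def suricata_rules(urls: List[str], sid_base: int = 1000001) -> List[str]:
    """One http.host rule per C2 host; sid numbers are local, pick your own range."""
    rules = []
    for i, url in enumerate(urls):
        c2 = parse_c2(url)
        rules.append(
            'alert http $HOME_NET any -> $EXTERNAL_NET any '
            '(msg:"SmokeLoader C2 host %s"; flow:established,to_server; '
            'http.host; content:"%s"; nocase; classtype:trojan-activity; '
            'sid:%d; rev:1;)' % (c2.host, c2.host, sid_base + i)
        )
    return rules


# Constructed proxy-log format for the demonstration: ts src method url status bytes
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d+)")


def match_proxy_log(lines: List[str], urls: List[str]) -> List[Dict[str, str]]:
    """Flag lines by C2 host (strong) or by the shared POST /tmp/index.php shape (weak)."""
    c2s = [parse_c2(u) for u in urls]
    hosts = {c.host for c in c2s}
    paths = {c.path for c in c2s}
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        u = urlsplit(m.group("url"))
        host = (u.hostname or "").lower()
        if host in hosts:
            hits.append({"src": m.group("src"), "host": host, "reason": "c2_host"})
        elif m.group("method") == "POST" and u.path in paths:
            # Path alone is a weak signal: /tmp/index.php exists on benign sites too.
            hits.append({"src": m.group("src"), "host": host, "reason": "c2_path_only"})
    return hits


# Constructed sample log lines (not real traffic); timestamps follow the entry's analysis date.
SAMPLE_LOG = [
    "2023-12-11T16:55:20Z 10.0.0.15 POST http://humydrole.com/tmp/index.php 200 412",
    "2023-12-11T16:55:21Z 10.0.0.15 GET http://www.example.com/index.html 200 5120",
    "2023-12-11T16:55:22Z 10.0.0.22 POST http://cdn.example.net/tmp/index.php 404 0",
    "2023-12-11T16:55:23Z 10.0.0.15 GET http://GO-PIRATIA.RU/tmp/index.php 503 0",
]


def scan_sample_log() -> List[Dict[str, str]]:
    return match_proxy_log(SAMPLE_LOG, C2_URLS)


if __name__ == "__main__":
    for url in C2_URLS:
        print(defang(url))
    for hit in scan_sample_log():
        print(hit)
```

The IP addresses in the sandbox graph (189.232.1.60 and 175.119.10.231) are resolution snapshots at analysis time; block and hunt on the hostnames from the configuration, and refresh them, since a configuration with six fallbacks is built to outlive any one of them.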
Unpacked files
SHA256 hash: 3e4ed6c647e12eb7aaa85e9c4d14bb39114c31f297ddd81dcf27e8c058a12b6f
MD5 hash: 84deae0ca802158916bbebb1ad19ac66
SHA1 hash: 35b46766791a2c9875ccb29e3c26447f74eb1191
Detections: SmokeLoaderStage2 win_smokeloader_a2
Parent samples:
SHA256 hash: 7913434df606acbc614781c9133a7e515306bb00eb8c062d042b736020122ad9
MD5 hash: 5ebc526271bb401675ac57dca9a44e89
SHA1 hash: 6c7d05a001ee83c48f27b674479c225358242772
Malware family: SmokeLoader
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Smoke Loader
File: Executable exe, 7913434df606acbc614781c9133a7e515306bb00eb8c062d042b736020122ad9 (this sample)

Delivery method: Distributed via web download

Comments