MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86d7fdb5c8a211adefdf877ecd253cae7eb1249da38c08511dd7e284fbe31761. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Smoke Loader
Vendor detections: 13

SHA256 hash: 86d7fdb5c8a211adefdf877ecd253cae7eb1249da38c08511dd7e284fbe31761
SHA3-384 hash: b8283f4f25edcb8a3fca3a7f1f1da15e444c7dff0016d0c6d25a4bbcfe0072cda2875c163e470accee7f7fa25f015e60
SHA1 hash: 7ea017511c4277ebb70bdc960b4dc24249fd7145
MD5 hash: 18b27e8a1e822d8750be3f170fad7c59
humanhash: south-princess-ack-seven
File name: 86d7fdb5c8a211adefdf877ecd253cae7eb1249da38c08511dd7e284fbe31761
Signature: Smoke Loader
File size: 230,912 bytes
First seen: 2026-06-05 06:50:09 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c81db0a320cdad5ab41c9a291ea9b6e9 (13 x RemusStealer, 11 x Smoke Loader)
ssdeep: 3072:PMkiQ0Ti78ZGAttez2m7sKNqQNmTVm9he0xoyW3kXxnLwBsYC:BsG78sATmZbNmhQa3SnsC
Threatray: 17 similar samples on MalwareBazaar
TLSH: T14E34296BC25330FCD553C07892662332AB73BA3847754EE70692D7358E61EC06E7BA25
TrID: 51.9% (.EXE) Win64 Executable (generic) (6522/11/2)
      16.1% (.EXE) OS/2 Executable (generic) (2029/13)
      15.9% (.EXE) Generic Win/DOS Executable (2002/3)
      15.9% (.EXE) DOS Executable (generic) (2000/1)
Magika: pebin
Reporter: JAMESWT_WT
Tags: Click-Hijacking-TDS, exe, Smoke Loader

Intelligence

File Origin
# of uploads: 1
# of downloads: 123
Origin country: IT
Vendor Threat Intelligence

No detections
Malware family: n/a
ID: 1
File name: 86d7fdb5c8a211adefdf877ecd253cae7eb1249da38c08511dd7e284fbe31761.exe
Verdict: Malicious activity
Analysis date: 2026-06-05 06:53:07 UTC
Tags: stealer, remus

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 95.7%
Tags: phishing, virus

Result
Verdict: Malware
Maliciousness:

Behaviour:
Creating synchronization primitives
Using the Windows Management Instrumentation requests
Connection attempt to an infection source
Query of malicious DNS domain

Verdict: Malicious
File Type: exe x64
First seen: 2026-03-03T14:22:00Z
Last seen: 2026-04-10T01:36:00Z
Hits: ~10
Detections: Trojan.Win32.Agent.gen, Trojan.Win64.Agent.smfrin

Gathering data
Threat name: Win64.Spyware.Remus
Status: Malicious
First seen: 2026-03-03 20:56:46 UTC
File Type: PE+ (Exe)
AV detection: 29 of 36 (80.56%)
Threat level: 2/5

Result
Malware family: remus_stealer
Score: 10/10
Tags: family:remus_stealer, botnet:448047fca6095fefc5107817f2be3abc, stealer

Malware Config
C2 Extraction:
http://ropea.top:28313
http://baxe.pics:48261
http://coox.live:28313

Unpacked files
SHA256 hash: 86d7fdb5c8a211adefdf877ecd253cae7eb1249da38c08511dd7e284fbe31761
MD5 hash: 18b27e8a1e822d8750be3f170fad7c59
SHA1 hash: 7ea017511c4277ebb70bdc960b4dc24249fd7145
Malware family: RemusLogger
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
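The indicators on this entry (four file hashes, the file size and the three extracted C2 URLs) are enough to support the two checks a practitioner usually wants from such a page: confirming that a downloaded file really is this sample before analysing it, and hunting for the C2 endpoints in DNS, proxy and firewall telemetry. The Python below is an added example, not code from MalwareBazaar or from any of the sandbox vendors quoted above. The hashes, size and URLs are copied from this entry; the log lines, their formats and the rule that treats subdomains of a listed C2 domain as related are constructed assumptions for the example.

```python
"""Checks built from this MalwareBazaar entry's indicators (added example).

verify_sample(): confirm a downloaded file is the sample the entry describes.
hunt():          find the extracted C2 endpoints in DNS / proxy / firewall logs.

Hashes, size and C2 URLs are copied from the entry; every log line below is
constructed for the example and the log formats are assumptions.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Values as listed on the entry page.
ENTRY_HASHES = {
    "md5": "18b27e8a1e822d8750be3f170fad7c59",
    "sha1": "7ea017511c4277ebb70bdc960b4dc24249fd7145",
    "sha256": "86d7fdb5c8a211adefdf877ecd253cae7eb1249da38c08511dd7e284fbe31761",
    "sha3_384": "b8283f4f25edcb8a3fca3a7f1f1da15e444c7dff0016d0c6d25a4bbcfe0072cda2875c163e470accee7f7fa25f015e60",
}
ENTRY_SIZE = 230912
C2_URLS = ["http://ropea.top:28313", "http://baxe.pics:48261", "http://coox.live:28313"]


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the entry lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_sample(data: bytes) -> dict:
    """Compare downloaded bytes against the entry, field by field.

    The file is the listed sample only if every value is True.  Size is
    checked as well: a truncated download can still parse as a PE.
    """
    digests = hash_bytes(data)
    result = {name: digests[name] == expected for name, expected in ENTRY_HASHES.items()}
    result["size"] = len(data) == ENTRY_SIZE
    return result


def c2_endpoints(urls) -> list:
    """Normalise C2 URLs into (host, port) pairs, applying the scheme default."""
    out = []
    for url in urls:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        out.append((parts.hostname.lower(), port))
    return out


def _host_matches(name: str, c2_host: str) -> bool:
    # The entry lists apex domains only; matching their subdomains too is an
    # assumption of this example, not something the page states.
    name = name.lower().rstrip(".")
    return name == c2_host or name.endswith("." + c2_host)


DNS_LINE = re.compile(r"query:\s+(?P<qname>\S+)")      # assumed resolver log format
PROXY_LINE = re.compile(r"dst=(?P<host>[^:\s]+):(?P<port>\d+)")  # assumed proxy/fw format


def hunt(log_lines, urls=C2_URLS) -> list:
    """Return (line_no, reason) for each line that touches a C2 endpoint.

    DNS lines: any query for a C2 host is a hit, whatever the port, because
    resolution happens before the non-standard port is ever contacted.
    Proxy/firewall lines: host and port must both match, so ordinary 80/443
    traffic to a domain that later gets parked does not fire the rule.
    The entry gives no C2 IP addresses, so a connection logged by IP only
    is not matched here; the DNS log is what catches that host.
    """
    endpoints = c2_endpoints(urls)
    hits = []
    for no, line in enumerate(log_lines, start=1):
        m = DNS_LINE.search(line)
        if m:
            for host, _ in endpoints:
                if _host_matches(m["qname"], host):
                    hits.append((no, f"dns {m['qname']} -> {host}"))
                    break
            continue
        m = PROXY_LINE.search(line)
        if m:
            for host, port in endpoints:
                if _host_matches(m["host"], host) and int(m["port"]) == port:
                    hits.append((no, f"connect {m['host']}:{m['port']} -> {host}:{port}"))
                    break
    return hits


# Constructed telemetry for the example (not from the entry or any vendor).
SAMPLE_LOGS = [
    "2026-06-05T06:51:02Z dns client=10.0.0.17 query: ropea.top A",
    "2026-06-05T06:51:03Z fw src=10.0.0.17 dst=203.0.113.9:28313 action=allow",
    "2026-06-05T06:51:09Z proxy src=10.0.0.17 dst=coox.live:28313 method=POST",
    "2026-06-05T06:51:10Z proxy src=10.0.0.17 dst=coox.live:443 method=GET",
    "2026-06-05T06:52:00Z dns client=10.0.0.22 query: cdn.baxe.pics A",
    "2026-06-05T06:52:01Z dns client=10.0.0.22 query: example.com A",
]

if __name__ == "__main__":
    for no, reason in hunt(SAMPLE_LOGS):
        print(f"line {no}: {reason}")
    print(verify_sample(b"not the real sample"))
```

Against the constructed log the hunt flags lines 1, 3 and 5: the resolver query for ropea.top, the POST to coox.live on the listed port 28313, and the query for a subdomain of baxe.pics. The firewall line with only a destination IP and the GET to coox.live on 443 are deliberately left unmatched to show where the entry's indicators stop. Run `verify_sample()` on the bytes of the downloaded file (after extracting it from the archive MalwareBazaar serves) before opening it in any tool, and treat a single False as a reason not to trust the file.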

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments