MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0bd573a180420b6866b638039e91f90c678f83b7a40a0b3ccca68d891dafc32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Smoke Loader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0bd573a180420b6866b638039e91f90c678f83b7a40a0b3ccca68d891dafc32
SHA3-384 hash: 71204766bdcaeb199d4b084a42a6e5c3a7926252c75e0b11491b3c2d3e92eb4e0229123129273079cbd00ba130e89a6d
SHA1 hash: 7a9e93f8be0eb9b7dd29ac5497687ad21f311de2
MD5 hash: 8516e3e0fbd04dc1ac5ede0301ad941f
humanhash: wyoming-fruit-glucose-diet
File name:8516e3e0fbd04dc1ac5ede0301ad941f.exe
Download: download sample
Signature Smoke Loader
Create hunting rule
File size:210'432 bytes
First seen:2021-08-11 16:09:38 UTC
Last seen:2021-08-11 17:06:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d01336643bf96b29567aa2447e71141a (4 x RaccoonStealer, 3 x Smoke Loader, 1 x AZORult)
ssdeep 3072:9maJ1A6rtcno6YCrSh5lzyUgolbpL7ScsYh6gSVywo3c+:9yutV6J4vbs7knGyHM
Threatray 267 similar samples on MalwareBazaar
TLSH T10B24AD213DB8D872F49584304476CBE6267FFDA2BA6515473B983B6FEE303D1126234A
dhash icon 4839b2b4e8c38890 (137 x RaccoonStealer, 37 x Smoke Loader, 30 x RedLineStealer)
Reporter abuse_ch
Tags:Dofoil exe Smoke Loader

Intelligence

File Origin
# of uploads :
2
# of downloads :
480
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4db326a2737abb2f7822cebea35e82135f7577feb6ba7.exe
Verdict:
Malicious activity
Analysis date:
2021-08-11 09:51:25 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/e12df40b-221c-4691-be4d-6339b4af861a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/178339/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop18.23258.27015.15404.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Launching a process
Sending a UDP request
Creating a process from a recently created file
Enabling autorun by creating a file
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
DanaBot
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7c81e140-e91d-414b-be59-2d9541986ecd
Result
Threat name:
Clipboard Hijacker
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/831125
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Clipboard Hijacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0bd573a180420b6866b638039e91f90c678f83b7a40a0b3ccca68d891dafc32/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-08-11 09:40:23 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uc6vooqyaqqlnbtlmoadt2i7sddhr6b3pjakbm6mzjunreo27qza._file
Verdict:
unknown
Similar samples:
02c6d31dbcb21b0dc30be090c2e215dde62c0d2352e2c7deae8c185505a63f06
Smoke Loader
0503af61fcc1260a86771eb486d9f01df5ca37f3634d248c739322dcba03ae7b
Smoke Loader
27b6d10903852d398a72b96b736d4f9811e005bb5dc5451143584af7e0562325
Smoke Loader
29924af043739881674c7d7ac9d2d08a5021e41484a49f28ee43d253cb9e3be7
Smoke Loader
30dbf8a38ef44fcafeb10cf5339d7e124773d1c7f33e269f1100b6c4f93a134b
Smoke Loader
4db326a2737abb2f7822cebea35e82135f7577feb6ba7f0e5657afe2a0f3d0c9
Smoke Loader
5d7545aed39d6e4579ab79537c3c8c398dd60b537a22130464d1c1151befa73c
Smoke Loader
69ac14ed2f1e37e37c70d7d60bd299703931017c43f5166055a43a651882c83d
Smoke Loader
6ef0190cda06f62044e6aed620b74d3b1c588bdafd3c491ae729b0ef25dc00a5
Smoke Loader
975a47f1778cdcf8055715b9351f32315ca77bb0b4c237ae473efdeec558dd7c
Smoke Loader
+ 257 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210811-s6jkxv1jme/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Executes dropped EXE
Unpacked files
SH256 hash:
19189d845acac54398888e27a66eb3771588bbde2080d3d3aab138053aee89e0
MD5 hash:
d850f8d4823240e54f834f85e09bd9e7
SHA1 hash:
2b7d73ebe87cf045464714074b06e756e788d05d
Link:
https://www.unpac.me/results/03d85a74-f232-40f9-b5b1-01f71a330bdf/
SH256 hash:
a0bd573a180420b6866b638039e91f90c678f83b7a40a0b3ccca68d891dafc32
MD5 hash:
8516e3e0fbd04dc1ac5ede0301ad941f
SHA1 hash:
7a9e93f8be0eb9b7dd29ac5497687ad21f311de2
Link:
https://www.unpac.me/results/03d85a74-f232-40f9-b5b1-01f71a330bdf/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a0bd573a180420b6866b638039e91f90c678f83b7a40a0b3ccca68d891dafc32

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Smoke Loader

Executable exe a0bd573a180420b6866b638039e91f90c678f83b7a40a0b3ccca68d891dafc32

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/178339/
  
URLhaus
https://urlhaus.abuse.ch/url/1524258/
  
Delivery method
Distributed via web download

Comments