MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5476eed216a55fa35d1a0ed0b4be51ce8c376e12a44a8f74f1ee9b1e0a1e685. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	a5476eed216a55fa35d1a0ed0b4be51ce8c376e12a44a8f74f1ee9b1e0a1e685
SHA3-384 hash:	bac0d1503629b3f53623b4d6de9448d432a2c5b316ab07096faafef8ec9a16fd6678c2d4c5703124ab45e464c511f748
SHA1 hash:	02db8d219f8b97fc25d812e9c0012e6ffb3e71e1
MD5 hash:	94f7dacd5b046eba244fceebe7b9a1dd
humanhash:	maryland-bacon-mississippi-comet
File name:	94f7dacd5b046eba244fceebe7b9a1dd
Download:	download sample
Signature	Smoke Loader Alert Create hunting rule
File size:	200'704 bytes
First seen:	2023-06-24 11:47:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a19128c77d60d2b394dfa78b2e70b342 (1 x Smoke Loader)
ssdeep	3072:uaY0LwJqqkCPyIrxC55W86GOsKc9P5bivyKKT9cWCeGW801Io:u7VvxJGFrP5+vUOEf1Io
Threatray	151 similar samples on MalwareBazaar
TLSH	T1FD14E011B2D1C0F2D1B606B028398A149737FD139E3AC69B7B88468E1F36ED5DA37715
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	377a78bf3c64bee4 (1 x LgoogLoader, 1 x Smoke Loader)
Reporter	zbetcheckin
Tags:	32 exe Smoke Loader

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

303

Origin country :

FR

Vendor Threat Intelligence

ANY.RUN redline

Malware family:

redline

Alert

Create hunting rule

ID:

1

File name:

94f7dacd5b046eba244fceebe7b9a1dd

Verdict:

Malicious activity

Analysis date:

2023-06-24 11:49:06 UTC

Tags:

opendir loader gcleaner evasion redline smoke trojan rat

Link:

https://app.any.run/tasks/eea01a80-42f8-4bdc-b787-8660686c7ff9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/402471/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Variant.Zusy.380087.14910.21296.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

cmd.exe greyware lolbin packed shell32.dll

Link:

https://www.filescan.io/uploads/6496d7f2ee55f1e1b4b51894/reports/85822cf6-cd99-446f-87fc-9f3a87d97f66/overview

Hybrid Analysis Zusy.Generic

Verdict:

Malicious

Labled as:

Zusy.Generic

Link:

https://www.hybrid-analysis.com/sample/a5476eed216a55fa35d1a0ed0b4be51ce8c376e12a44a8f74f1ee9b1e0a1e685

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Malicious

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/656a1812-5a10-4822-9187-bde78870e612

Joe Sandbox lgoogLoader

Result

Threat name:

lgoogLoader

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1260874

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Contain functionality to detect virtual machines

Contains functionality to infect the boot sector

Contains functionality to inject code into remote processes

Detected unpacking (creates a PE file in dynamic memory)

Multi AV Scanner detection for submitted file

PE file has nameless sections

Yara detected lgoogLoader

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a5476eed216a55fa35d1a0ed0b4be51ce8c376e12a44a8f74f1ee9b1e0a1e685/

ReversingLabs TitaniumCloud Win32.Downloader.SmallAgent

Threat name:

Win32.Downloader.SmallAgent

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-06-24 11:48:06 UTC

File Type:

PE (Exe)

Extracted files:

5

AV detection:

26 of 37 (70.27%)

Threat level:

  3/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uvdw53jbnjk7unorudwqws7fdtumg5xbfjckr52pd3u3dyfb42cq._file

Threatray malicious

Verdict:

malicious

Similar samples:

248cc9a72ef0f0740bd05bf10b56345530e820a2179ccf295722cd85667ee8c1

Smoke Loader

3549e650f927dd1c2499c83577f499df00b410c1e01c4a3a0903ed67296a9473

Smoke Loader

4aba54c660a656f5bb5b75ea11029217bdf96c931c21d1143042ac3278ac6e43

Smoke Loader

4f8d6ffadd35a07194cc2739873ef459f246b5aeff1d88b5b10fe34887d4a786

Smoke Loader

61436285b70355a6e0239c982c9b4a12cf2061c5b9c1eb2f4ff97133c549e891

Smoke Loader

8e7c2890227d1b9441cacad8f01d2e5519094f7886f2477377aa5e2989f75f0f

Smoke Loader

93dc33973823843d0eba85f4f9f09561f37ff650129cdacc2ead9fffd8d131a1

Smoke Loader

943ba4a6b708cc1c79323f7c2b255cc57e7f788cabd6cdb13146c4fcb145b425

Smoke Loader

e806601047d5a080ababc1274c39cd1916583124166b985ca65b08f0a0e6feea

Smoke Loader

fb38d631b422b9a0d8df8b59e307fb2463a6882e1241f51848fa96bb4b732978

Smoke Loader

+ 141 additional samples on MalwareBazaar

Hatching Triage lgoogloader

Result

Malware family:

lgoogloader

Alert

Create hunting rule

Score:

  10/10

Tags:

family:lgoogloader downloader

Link:

https://tria.ge/reports/230624-nyerkacc2v/

Behaviour

Detects LgoogLoader payload

LgoogLoader

UnpacMe 3

Unpacked files

SH256 hash:

ef4ed17c2f46b57b6470a47db17d39df2fbe98941900a9ebd29dea73f3cf4973

MD5 hash:

6ed817065f8aaf998489b7060823d58b

SHA1 hash:

7d9e712a099f841e50db6869fc988d11aac398ed

Link:

https://www.unpac.me/results/baa884f6-93e9-403d-9a14-6f8161dbfc79/

SH256 hash:

ceb192ff08bda7b4cb12d2f55806be2e5038e0701a8304dc210e9348a4d50b34

MD5 hash:

2b1c72b8354a9ce3204548c7cb0fc24e

SHA1 hash:

7790b7ade96afde27a5c1887394891932b5780e6

Link:

https://www.unpac.me/results/baa884f6-93e9-403d-9a14-6f8161dbfc79/

SH256 hash:

a5476eed216a55fa35d1a0ed0b4be51ce8c376e12a44a8f74f1ee9b1e0a1e685

MD5 hash:

94f7dacd5b046eba244fceebe7b9a1dd

SHA1 hash:

02db8d219f8b97fc25d812e9c0012e6ffb3e71e1

Link:

https://www.unpac.me/results/baa884f6-93e9-403d-9a14-6f8161dbfc79/

VMRay RedLine.E

Malware family:

RedLine.E

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/a5476eed216a/report/overview.html

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a5476eed216a55fa35d1a0ed0b4be51ce8c376e12a44a8f74f1ee9b1e0a1e685

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Smoke Loader

exe a5476eed216a55fa35d1a0ed0b4be51ce8c376e12a44a8f74f1ee9b1e0a1e685

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2670914/

Cape

https://www.capesandbox.com/analysis/402471/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-06-24 11:47:08 UTC

url : hxxp://85.217.144.228/files/AAAd1.exe