MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7c506ed3e073c24a1e9999dfd6c99ef6f1eb37878d0055d5710445280feac46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Smoke Loader

Vendor detections: 3

Intelligence 3 IOCs YARA 26 File information Comments

SHA256 hash:	c7c506ed3e073c24a1e9999dfd6c99ef6f1eb37878d0055d5710445280feac46
SHA3-384 hash:	fa63f577909d5164d9387bd44b81d3e123dd21198ae08af9645d16be4e88b2c797f079d78899eeefe371d10767633195
SHA1 hash:	5cad02b6ef9b8a0ce8d072dcdc864c2315671183
MD5 hash:	f467913f2804676632ab82f9d3f46755
humanhash:	six-papa-florida-sierra
File name:	CS2CheatExternal-4.3.7.rar
Download:	download sample
Signature	Smoke Loader Create hunting rule
File size:	18'240'030 bytes
First seen:	2026-04-20 01:05:33 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
Note:	This file is a password protected archive. The password is: 8871
ssdeep	393216:zRRHr9MghM5FsITF3IJ5tK9J/xvTjYDFvLEwBwyZN1EH/VF6SjPQ2alu:zPHBhMv5IJ5s9J/xvTjYDFvLEwBwyKHF
TLSH	T1E50733EDB94E5C720F635A3BF0916E04867C3A479F6B65665D6CC3C172FEE838802684
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	tcains1
Tags:	pw-8871 rar Smoke Loader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file is a password protected archive. The password is: 8871

This file archive contains 72 file(s), sorted by their relevance:

File name:	gjk.cpp
File size:	120'510 bytes
SHA256 hash:	95d36845587a86e8a667d458da48853d21313629cc9c3aaeab8ad1110113891e
MD5 hash:	7e2653b0fb3dfcf32950a6ce7b74e8ec
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	rabbitmq.bin
File size:	367'656 bytes
SHA256 hash:	0d7fc21cf31976b4b6f322807cdcdbc4c4403b72bdc985b0a99250a50762856d
MD5 hash:	209e0ce62938e1cb8d124f6b32647cea
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	mon.cpp
File size:	275'733 bytes
SHA256 hash:	4145b989421f50ad4372b1414de894d91a442786304767a60c567e28e70ec9e1
MD5 hash:	33e705c88193fea51927cbf68f048eb9
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	datasource.cpp
File size:	376'213 bytes
SHA256 hash:	b36d29239ce83b845c1844e79853d3014d5c472e278ebe8f37096aea4816f826
MD5 hash:	b54d3c9a2bf5a111edd10918bc5e1f1e
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	environment.bin
File size:	181'205 bytes
SHA256 hash:	fa06ae06a9e66876413542455faf3d05b67d66b45694f3f46c64bc0cfb252f07
MD5 hash:	fe208465ce1a5f47244d15167524f8bb
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	beanfactory.cpp
File size:	116'127 bytes
SHA256 hash:	1e8b60183a346658681a4d374699f6150d54a4f4cdc0726de2eabceea76bfb85
MD5 hash:	29682fa9e2b82418a6dad2ac671104e4
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	aspect.c
File size:	146'100 bytes
SHA256 hash:	430514e53e8845e0d9c2c993158739cc968607ea1744bb8b7c4c253b6a8f6c72
MD5 hash:	91a65fb2b377e8dc461389b9e9eec8e6
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	unmount.cpp
File size:	262'904 bytes
SHA256 hash:	1a9d34c3de8b9cbfa61bf0811b9494e0f9e115747bf9fc486d5794e0f44d54c3
MD5 hash:	508827f3b5331f5d2e8bcb8f50316e15
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	cmd.cpp
File size:	132'321 bytes
SHA256 hash:	e8b9b3667eb6fe4a0abe7bdc88ff62dc6544ca219bc1258ec1be566a966d7e88
MD5 hash:	bf33f71a3c1eb48594ce60806ce9f16d
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	tempo.c
File size:	114'656 bytes
SHA256 hash:	c085417529f4c4844ff18d185c6e59bc3cb3d77747581a6055bd8b83852d49ce
MD5 hash:	5bd63f40854a0c7a324ececf15752f21
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	tick.c
File size:	370'785 bytes
SHA256 hash:	eb30942aac2582d8bd2e1141394217d95ea66d39d0b95c03c0bcf3c4dd323c71
MD5 hash:	b673162d7a8e32e4746d65a505406a0c
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	replicaset.c
File size:	237'614 bytes
SHA256 hash:	803c79e83c3c1561bbcb4ddb058578cb2b86889042317da1a02fcb921339f78f
MD5 hash:	19ac746badb9943f19773ba24dbf5023
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	envloader.cpp
File size:	154'627 bytes
SHA256 hash:	853a2d3d8cb038df8d2fcf4df8c1a413275a67f3bfc7e8f84a42260f2d5b946a
MD5 hash:	2c3f76ce96ffb10e0232ab1bd2958249
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	pacs.cpp
File size:	399'133 bytes
SHA256 hash:	19d28981c09ac512ef87e037e186562f6503ad3fa923e9a89e6c10a849c3606f
MD5 hash:	f8031affae1458cdc9d6866ea0f1e9f0
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	info.c
File size:	156'295 bytes
SHA256 hash:	4eb5adfcb8b3ee74f4218fcbf178ea7610022f967e3ffb90ee33419b060aa5db
MD5 hash:	e17e9d09dbe2a8359ee35a1ebd5753c3
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	abstractfactory.c
File size:	244'853 bytes
SHA256 hash:	3e03ba050f0c004c4deb7768fe5a87bf540d8bcaf59b05aaf3a1638b7ea1c93c
MD5 hash:	7b017444347db19d3c51c82582b1f366
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	travis.cpp
File size:	352'298 bytes
SHA256 hash:	4ecf464d70bb2d2add474b9575016c761393d4decaf68032e5fe5a5459826954
MD5 hash:	d4c45398050925a7b20be3d681b065c7
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	intro.cpp
File size:	128'600 bytes
SHA256 hash:	94d77fc1551124534499db3b6513331ea73fa265a2c2ff6f65364a065054e6f6
MD5 hash:	759fd7a7f05a041856e84da810e00b44
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	work.c
File size:	319'855 bytes
SHA256 hash:	97c6bfe18416dfbb89c3e48c7819bad3b6aa74d657156d73fb78a9df3b59b1c2
MD5 hash:	3e77083e9be1904ac0942fd765817f33
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	tip.cpp
File size:	238'317 bytes
SHA256 hash:	79467aea73f3f21eb86f14e9f6eed27637768f8262ad2f05acfba84b95b0829b
MD5 hash:	8960e871c0da8dd55efb090cf5bfaa72
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	wait.cpp
File size:	206'627 bytes
SHA256 hash:	392329908bfc1821f9487e8d0cd8f29e8036e3350b8fdd8faaf337ea1979c254
MD5 hash:	715ee0b69091dcb0bc32b4c2559a0097
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	bootstrap.cpp
File size:	252'519 bytes
SHA256 hash:	4d368923a13f2df30c0cfb0997be548e9cd1a13b90d4f61cd54b5f1ff4fb2fba
MD5 hash:	82fc3d768eb2bd0254c2e6bdf15decc0
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	xmllreader.bin
File size:	289'558 bytes
SHA256 hash:	551d01854585900fe90be0a967eac38c7af86ee3f01ca8c9e9a565da7e16ebdb
MD5 hash:	9d70ead919ac1460b961303a8a69828f
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	commandcontroller.c
File size:	164'876 bytes
SHA256 hash:	ccca532fe99b5731988416c6f3e7b40162c1b485b966da85a5ef8144f889f927
MD5 hash:	75aeb08ab66f2bedb73eeefc0014aedb
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	cache.c
File size:	280'999 bytes
SHA256 hash:	fc16b3cd8a292688a21f60ed33119f0afc3c539130927017f5a20a97d0362b11
MD5 hash:	ba69b100d72f8e9c68b839a0a658c8c5
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	slug.bin
File size:	219'469 bytes
SHA256 hash:	0e1136773664a9166756bc875eb33039c065dbaf96f4031178950b8fc212a472
MD5 hash:	c3d91cd97e51144720090af3f76f2e77
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	deserializer.cpp
File size:	261'777 bytes
SHA256 hash:	6f104ef62dd2c28c7d98de4abfa43a137be1d3205bd9b285d5f91e3aa34125a9
MD5 hash:	f0b2ea057ce87fa7c800e2bad7d0bd46
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	unlink.bin
File size:	225'242 bytes
SHA256 hash:	2c0d017a8e7ef0421a1ec655fe0e68451af00db1ebe3198a73f62da61cdf1a0d
MD5 hash:	73a6a0d4d34b8740dcb0f6b6aafc44c4
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	itemwriter.c
File size:	140'720 bytes
SHA256 hash:	ee3fcf48cb8fef9b50db40f0614fa67a93e87d249e259d1ef8cc93b26807176d
MD5 hash:	25e312512f290a56a2533c6a2560a816
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	fault.bin
File size:	192'789 bytes
SHA256 hash:	bf1c1722871ce2c0186282971a2bce6ef25b6fc87de48aa24840c5b630b5fc4d
MD5 hash:	745eb5e1922d4808a70429e37bfa6b67
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	auth.c
File size:	259'408 bytes
SHA256 hash:	b64ba3f961ad625b8a9bdb0414e30dfbd3231d4a0fe2a653ba83579098841352
MD5 hash:	74254ecafd4b02e84f36b5c6af5228f0
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	alertmanager.c
File size:	293'680 bytes
SHA256 hash:	2a28456abcf0421f285471bc0b8391faf7ab5218605c098f8a69fcc4702ab846
MD5 hash:	d3fce8af93bbdc63ef2e3181bf6b5b9e
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	resolver.c
File size:	168'702 bytes
SHA256 hash:	c32ccc37cf5dd333aa6d0a52783ee7507eeabdcd9e4b1c87b79ca7285edaae75
MD5 hash:	ac7f06ac317a5867b407e785c9287ed0
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	schedulerfactory.c
File size:	378'989 bytes
SHA256 hash:	d7358c6ffd514e6498edcd8e6186f817f7c65716e444d8c85fbe6ebe8eb1a4fb
MD5 hash:	2caefc92c371f90c943f8475a162fea5
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	stencil.c
File size:	278'012 bytes
SHA256 hash:	11889b54ded06116d0e228d1829830162334603da2f25f9ed537539f1f620523
MD5 hash:	ecddacae8755527a2ad7bb56d5b7e3cc
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	blend.c
File size:	214'438 bytes
SHA256 hash:	7f040224ceca4e3d3593e7cd9801ea22fd5f90c1db41dc2e46daca90cdc7221a
MD5 hash:	323e9252127f3b8006286a304b113a2d
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	quartz.c
File size:	203'191 bytes
SHA256 hash:	cb66993d943a31cd815ddcd39e0e33171c7ec68861597e466a1cbbf5494cdf29
MD5 hash:	3af1adfa1ddbb66066205cc305a656e6
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	tag.cpp
File size:	331'393 bytes
SHA256 hash:	a1226b71988c6e93dee07342a130dc8266d9d0bb01f382cd55952ebc9be920e6
MD5 hash:	636f8c369423684b1040b6260ecaa5e1
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	advice.cpp
File size:	129'242 bytes
SHA256 hash:	09706fec4fdf4b5a85abaa4be2c0e9d34332669775932fbf11394fb3df339284
MD5 hash:	e595a32e53756576302b46e70d2d1461
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	grammar.cpp
File size:	344'365 bytes
SHA256 hash:	e49143301f4cf1af3b285829b6cd353a2a36fbbf76088f670bd2358ab18baadd
MD5 hash:	0653ca1019af6a8de6f570250e92ce35
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	hasher.c
File size:	311'324 bytes
SHA256 hash:	4d559a425f365128a356c527a13a127785285fbac1b1c6e14b1217f7c146e786
MD5 hash:	d21a75b3d1be9e83021f0eabf531b3e7
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	setup.exe
File size:	699'768 bytes
SHA256 hash:	715b4174065916a6412f60b3c10664b323dc737fd717ab09627083be34626fe0
MD5 hash:	6669e10c960f6c2297bcd3d5a27412aa
MIME type:	application/x-dosexec
Signature	Smoke Loader

File name:	kill.cpp
File size:	216'997 bytes
SHA256 hash:	71315911a5fce791b1567d3291b2732860b2550d8c425369424cf7d8ea166431
MD5 hash:	3ef4750246de5f3ffd7a72dc76634fa5
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	transaction.cpp
File size:	201'524 bytes
SHA256 hash:	4f0fb481b2c70497b336778571ff33dbfe5dfba488e55c0eb02ded76bf63b62d
MD5 hash:	6c28fd96226f023cf3e2ef6fcf4f7cf6
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	cbor.bin
File size:	126'390 bytes
SHA256 hash:	8c67bf22790d5034699f5e1196bf40591e462791931f601b4d69c53d2a7ff7ea
MD5 hash:	514773e55b4c29620a7a8f8dfb9284fc
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	K4P7GFR3
File size:	579'350 bytes
SHA256 hash:	94a3fd69e5bfc7610540bb9941ed8b945c5a621d0f041da60ec559afc1278d29
MD5 hash:	704a1a5293a80ecfe90ebf4c5a314588
MIME type:	text/plain
Signature	Smoke Loader

File name:	glue.cpp
File size:	201'787 bytes
SHA256 hash:	1e7fae3dd2e45b41fe334340fcc6905b4070ea0fea3a0f35b0e07984a4fcfa72
MD5 hash:	630ccdc35cab7a553771a7359b911138
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	phys.bin
File size:	292'809 bytes
SHA256 hash:	fb7f0913a4d7cb9c48623a2ca59b9d1c0926f0b841d2142e37e47fef34a13bca
MD5 hash:	b90bd897c5379da4196788e6461dc541
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	8WKEJ744
File size:	137'242 bytes
SHA256 hash:	f10978c29b75ce1acd3fe4ec664263bb843f6982737d634eb0df94a702026d8d
MD5 hash:	df71b596bec328e86310737ff8003b9a
MIME type:	text/plain
Signature	Smoke Loader

File name:	README.txt
File size:	24 bytes
SHA256 hash:	2c518b8dfc45b4bf7dd99ddb0cf7954ce33a40839639cb0ad1d2edaa134a37fb
MD5 hash:	5c72ce2fdf580991c004e2684f6a2c7c
MIME type:	text/plain
Signature	Smoke Loader

File name:	contextprop.c
File size:	154'959 bytes
SHA256 hash:	00f118582358896d6a2ae1b63395e561e22a4d2bd83a42173bc6f1d6e1a3354a
MD5 hash:	43df48515e9fba8b63a94f6ddc3c8155
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	batch.bin
File size:	382'960 bytes
SHA256 hash:	2d2eefde852983491980e15e5782b0e6bfc8375581de09aaf6a320bea3d549e0
MD5 hash:	4b06b1de439ea233ad595a49d2c92618
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	basis.c
File size:	164'453 bytes
SHA256 hash:	2dbc4167766a1a3478e11c90fbe05a39176e014156bf8a625b052d73ebfce1dd
MD5 hash:	0e565f8339a543cb84dcbb55eee7fa90
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	J7CYJ3M9
File size:	516'024 bytes
SHA256 hash:	69bb8afe0462c89ec7e1bdbf99eb80f01132e67048982899bc7fe3d0f74c8da9
MD5 hash:	e5a9d0e87274f9d31ba3e1b279bbe059
MIME type:	text/plain
Signature	Smoke Loader

File name:	dashboard.c
File size:	231'588 bytes
SHA256 hash:	85c9203dae2410696305ab4bf2441937ec81fb43f80a5bfc2c15696b5139ad90
MD5 hash:	1c994240557a9f99c69159ae2dad8c64
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	epoch.cpp
File size:	120'659 bytes
SHA256 hash:	a3fa5b9264eac076546de41dfb9d4211d0982fc72cc2280ac67fb195267020c5
MD5 hash:	4c38177510b0a4cd1415bb5f335a9261
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	zbuf.bin
File size:	390'782 bytes
SHA256 hash:	05ad05a846de0f7b41598d9cae9a59fb18d02bb7bf27381eb59bda02b35fa4f4
MD5 hash:	3469ddd664b5e299230835dc65f15c83
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	avro.bin
File size:	232'396 bytes
SHA256 hash:	116e4422db39fc5376a420cd6d26bd33a1b374c64653fdab3b75a8ab37a8e441
MD5 hash:	21dc0b5c0f085709409ab3da23cc7422
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	lintstaged.c
File size:	124'291 bytes
SHA256 hash:	b6e416e08bb2ee37e814fcc157c3d64e73215f968e3ce9220e9a161a4ccbe261
MD5 hash:	f905e09615870c4629a59b52aafbf37e
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	radio.c
File size:	317'280 bytes
SHA256 hash:	04eb7db8c10dea70b16190f8f097927978147a8872032633504e563e631630f3
MD5 hash:	52dd849c08678a152c176b0453fa2342
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	replicaset.cpp
File size:	294'757 bytes
SHA256 hash:	40b8d50ef494bf868f2a8139bf6c86d81ff454564d7f58ed3fde04610d236d69
MD5 hash:	ad4c60a616e5c96a5ad2a64667f88f52
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	lock.cpp
File size:	177'903 bytes
SHA256 hash:	1f47a6bb9ff6def0c38cc4ca8d13b6168c22a7a10de118fae73e8679839d628b
MD5 hash:	a7788d403c74b3d0c296694670b90e6d
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	pong.bin
File size:	348'421 bytes
SHA256 hash:	a4bebee2cbc66e9809d1f439d57f1c699524a5a3d58157d053dbfb1d264c6f32
MD5 hash:	60830607748fc4b8f5737150ebff0e9c
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	alloc.cpp
File size:	152'510 bytes
SHA256 hash:	6a724a33e0c988e8f7b12ff3adce9bd7688b9d7228b0ade34b18b039c45dea7e
MD5 hash:	c59eab4cf4af7bc4ecfa190c420e370b
MIME type:	application/x-dosexec
Signature	Smoke Loader

File name:	hsv.c
File size:	247'903 bytes
SHA256 hash:	6ca9db991e88dba52372ac82b08f2df34e6ea7b5ee92702156e2d2cee6c36dae
MD5 hash:	da3dc0758ae0c01328d8857955773adb
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	tsconfig.bin
File size:	359'550 bytes
SHA256 hash:	75e5c3bd0688704f9823cf70308d9130b52587d3913f5818edd38380d0086caa
MD5 hash:	fa312a36946df0bc96b69edc68f5dd29
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	ping.bin
File size:	256'254 bytes
SHA256 hash:	a2fbaf0a5166113c942e8d2f54c93876b16d813954f89bcc4d3d7f755ea1cee3
MD5 hash:	e32bfc8253f905fd684d2e8c0906c055
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	injector.c
File size:	251'965 bytes
SHA256 hash:	f26282e685dc6c285209357c40f995215e84dae4ae420a703c050ef137c28a8a
MD5 hash:	3dfeadfcca6b48432c7efbad72ebe176
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	protegefactory.cpp
File size:	254'513 bytes
SHA256 hash:	6484668ed0547e5ba3c470efd4cea92dd8ebd0c0b2bfc52de5f8eb9974ddd0f8
MD5 hash:	e85bc646a23bde675b26dc635daf9a96
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	iter.bin
File size:	346'895 bytes
SHA256 hash:	cc2637258ef1dfd8e8e95bd89c6783e4f73f76a0d80c5de87c83615a735288d0
MD5 hash:	bd06b572ffb32984a91625bbbf62c19e
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	zeromq.cpp
File size:	346'496 bytes
SHA256 hash:	ede12c16d6a4296559c62ca1fbce789e4cc4b3c74088a385b9d579c7e6db667f
MD5 hash:	9376639400e90e80c1162a4de4c854af
MIME type:	application/octet-stream
Signature	Smoke Loader

File name:	mpclient.dll
File size:	2'077'200 bytes
SHA256 hash:	101eb6d5c3c5be140c681e1d23b86783f40e81552db897e253e2c29609ec11cd
MD5 hash:	786414e68fbeae39a2ef2d57e52315a3
MIME type:	application/x-dosexec
Signature	Smoke Loader

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/fb697b89-c323-4a5b-b295-eca4ce30c438/

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69e57c00f68adfe1003b8947

Tags:

n/a

Gathering data

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/c7c506ed3e073c24a1e9999dfd6c99ef6f1eb37878d0055d5710445280feac46

Verdict:

Unknown

File Type:

rar

Link:

https://opentip.kaspersky.com/c7c506ed3e073c24a1e9999dfd6c99ef6f1eb37878d0055d5710445280feac46/results?tab=lookup

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c7c506ed3e073c24a1e9999dfd6c99ef6f1eb37878d0055d5710445280feac46/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=y7cqn3j6a46cjipjtgo723ez55xr5m3ypdiakxkxcbcffah6vrda._file

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery execution spyware stealer

Link:

https://tria.ge/reports/260420-gvrtdsax9n/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Command and Scripting Interpreter: PowerShell

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/c7c506ed3e073c24a1e9999dfd6c99ef6f1eb37878d0055d5710445280feac46

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Any_SU_Domain Create hunting rule
Author:	you
Description:	Detect any reference to .su domains or subdomains

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries

Rule name:	Detect_Golang_Binary Create hunting rule
Author:	Andrew Morrow
Description:	Detects binaries compiled with Go

Rule name:	GoBinTest Create hunting rule

Rule name:	golang Create hunting rule

Rule name:	Golangmalware Create hunting rule
Author:	Dhanunjaya
Description:	Malware in Golang

Rule name:	goLangMatch3 Create hunting rule

Rule name:	goLangMatch4 Create hunting rule

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	Golang_Find_CSC846 Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	HiveRansomware Create hunting rule
Author:	Dhanunjaya
Description:	Yara Rule To Detect Hive V4 Ransomware

Rule name:	HUNTING_SUSP_TLS_SECTION Create hunting rule
Author:	chaosphere
Description:	Detect PE files with .tls section that can be used for anti-debugging
Reference:	Practical Malware Analysis - Chapter 16

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	ProgramLanguage_Golang Create hunting rule
Author:	albertzsigovits
Description:	Application written in Golang programming language

Rule name:	RemusStealer_GoPayload Create hunting rule
Author:	burger
Description:	Detects RemusStealer Go-compiled payload

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Smoke Loader

rar c7c506ed3e073c24a1e9999dfd6c99ef6f1eb37878d0055d5710445280feac46

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3826288/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample