MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4b30fa63884e4758e5545848ad0846038885c9b0f55d33f0facae9e7f639a4a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Smoke Loader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d4b30fa63884e4758e5545848ad0846038885c9b0f55d33f0facae9e7f639a4a
SHA3-384 hash: 7a760a55d560a8a176a9e7eb1e077ada1f9a1e25c463550e11681fdc9ea82b26f41008967828904d8f4d114e088614c3
SHA1 hash: 7fe38f4dd6d1fd326f07ec88238a192520bd998c
MD5 hash: 33bc8eeed441d6fbeaae7e348f6fa5ca
humanhash: twenty-one-september-hotel
File name:Approval Tender List.img
Download: download sample
Signature Smoke Loader
Create hunting rule
File size:1'245'184 bytes
First seen:2021-03-29 06:12:34 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:X7uffVFmmmdGK+vAMsrGhh2cB8S1q7KkRDDu+aff7:ruHVFmtGKCUGX2y8S1qdR/DIT
TLSH 79454B53018C95A5D23036308092AE3255A7DEB46E3FE847EBB47DDFA23DF856C24A47
Reporter abuse_ch
Tags:img Smoke Loader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.205
From: Sebastine <lan.wang@zeppelin-china.com>
Subject: Re: First Approved Tender List for Quotation
Attachment: Approval Tender List.img (contains "Tender RFQ List.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
427
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.7881.13791.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d4b30fa63884e4758e5545848ad0846038885c9b0f55d33f0facae9e7f639a4a/
Threat name:
Win32.Backdoor.Mokes
Create hunting rule
Status:
Malicious
First seen:
2021-03-29 06:13:06 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2szq7jryqtshldsviwcivueema4iqxe3b5k5gpypvsxj473dtjfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.40
Link:
https://yomi.yoroi.company/submissions/d4b30fa63884e4758e5545848ad0846038885c9b0f55d33f0facae9e7f639a4a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Smoke Loader

img d4b30fa63884e4758e5545848ad0846038885c9b0f55d33f0facae9e7f639a4a

(this sample)

Smoke Loader

Executable exe b6e4ffe7aa6d987b3710729ce594007e5709a020de8ef4e4d48eaafbe7250903

  
Dropping
MD5 5958275a4b4972824858be1429c575bb
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b6e4ffe7aa6d987b3710729ce594007e5709a020de8ef4e4d48eaafbe7250903

Comments