MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fd7ba04cc3d16de07e66b3e53fb6d426dfdd7366f2f7b622f6601e0acd78818. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SmartLoader


Vendor detections: 4



SHA256 hash: 0fd7ba04cc3d16de07e66b3e53fb6d426dfdd7366f2f7b622f6601e0acd78818
SHA3-384 hash: 2354599d7227c9158f68bdc3233277b3d2a122f10490f3cceca0fd9bf356e81422e8c705dfe4a9773f2eac1e1b40b374
SHA1 hash: 3d6ead8e7ba3d6dd9c00ba0f460460db8e904e6a
MD5 hash: 4028577209b7246c097188f40358af03
humanhash: hotel-diet-cola-fifteen
File name: Application.zip
Signature: SmartLoader
File size: 358'206 bytes
First seen: 2025-03-12 11:21:41 UTC
Last seen: 2025-07-16 20:18:48 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:NYWUIKEGaKZU87tOUc/gVcQxwbrrF02fcm35p+8iFw0PBAgBenK705aQK0ZFcQRM:NYnREGNU87t0gyWyrprfX3hiS0SgBCWP
TLSH: T1D2742321F13E3BB8757127740D02BC7E452F0CEC9175C22AAFADDABE821796A444B6C4
Magika: zip
Reporter: tcains1
Tags: SmartLoader zip

Intelligence


File Origin
# of uploads: 2
# of downloads: 98
Origin country: US

File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: Launcher.bat
File size: 39 bytes
SHA256 hash: 767f056935691007cf16f7ace026dcce1c8208db0426ca680103f8871c7dd986
MD5 hash: 9c085e14c2b5d00f601fa163556696b9
MIME type: text/plain
Signature: SmartLoader

File name: lua51.dll
File size: 422'972 bytes
SHA256 hash: 012e772e3c72c5f500aab86e78e99afff222bdc8d914bc32bb244ade03d5a486
MD5 hash: 2f0394640486f2ac8dfb23ee05f904a9
MIME type: application/x-dosexec
Signature: SmartLoader

File name: luajit.exe
File size: 24'935 bytes
SHA256 hash: 30f7bd2e98df2ec3405f3ab4aab5be8f0dc1d9ac638286edf390c4ddb74b4316
MD5 hash: e1bae2b33bbcf7d1dad46f57fe537141
MIME type: application/x-dosexec
Signature: SmartLoader

File name: libs.txt
File size: 244'682 bytes
SHA256 hash: 3cb6f47bafad0d907e8ce41c4b4fdd40477c55a0ca1c6f44dec0b15084c57831
MD5 hash: 0461b36a91e01dc3e03c6ba0f3a53c75
MIME type: text/plain
Signature: SmartLoader

Vendor Threat Intelligence

Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: anti-debug mingw overlay

Result
Malware family: n/a
Score: 6/10
Tags: discovery execution
Behaviour:
Scheduled Task/Job: Scheduled Task
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
Looks up external IP address via web service

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: pe_detect_tls_callbacks

Rule name: Suspicious_Latam_MSI_and_ZIP_Files
Author: eremit4, P4nd3m1cb0y
Description: Detects suspicious .msi and .zip files used in Latam banking trojan campaigns.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
