MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8476d72de41222cb4f28c088d557c8bbeb32f1af694d7943deb8035ad7d6df3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SmartLoader


Vendor detections: 5



SHA256 hash: 8476d72de41222cb4f28c088d557c8bbeb32f1af694d7943deb8035ad7d6df3a
SHA3-384 hash: 59f63cd6b896464ec2b211e40d89f790416ae96edc7ba4d947d176ff8d6086c66c1464ae06a6038b3dacecab930993e7
SHA1 hash: 029cdee856d5ee8a915db70c45923f3450dd622f
MD5 hash: 1f6359949e64fe3efd09e6f59b345f71
humanhash: blossom-thirteen-network-tennessee
File name: FortniteSpoofer_3.9.0-alpha.1.zip
Signature: SmartLoader
File size: 360'282 bytes
First seen: 2025-03-14 10:34:55 UTC
Last seen: 2025-05-31 00:48:36 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:pNyk580vn3MPZjKop40skiOIuUPsgJV8ZHLO2Y1RZbDGFIPMKseQnJ16DXbfEnm1:pxq0v8lfhiO9+38ZpY1PDGmPWerrEnm1
TLSH: T1CE742327885D5702C94954B11DBE1CFC93C2BB8AD32B69494F1837EB941FE8D3B4B254
Magika: zip
Reporter: tcains1
Tags: SmartLoader zip


tcains1
To run it, you need to place all the files from the zip in the same location and then run the .bat file. The file 'libs.txt' contains the malicious code.

Intelligence


File Origin
# of uploads: 3
# of downloads: 70
Origin country: US
File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: Launcher.bat
File size: 49 bytes
SHA256 hash: 2841559dbd9a2c7317cb0105e66352825ff4929965e8085e10e629879c159854
MD5 hash: b17e103095b225cfa913fb7674f23532
MIME type: text/plain
Signature: SmartLoader

File name: lua51.dll
File size: 422'972 bytes
SHA256 hash: 012e772e3c72c5f500aab86e78e99afff222bdc8d914bc32bb244ade03d5a486
MD5 hash: 2f0394640486f2ac8dfb23ee05f904a9
MIME type: application/x-dosexec
Signature: SmartLoader

File name: luajit.exe
File size: 24'935 bytes
SHA256 hash: 30f7bd2e98df2ec3405f3ab4aab5be8f0dc1d9ac638286edf390c4ddb74b4316
MD5 hash: e1bae2b33bbcf7d1dad46f57fe537141
MIME type: application/x-dosexec
Signature: SmartLoader

File name: libs.txt
File size: 244'682 bytes
SHA256 hash: 3cb6f47bafad0d907e8ce41c4b4fdd40477c55a0ca1c6f44dec0b15084c57831
MD5 hash: 0461b36a91e01dc3e03c6ba0f3a53c75
MIME type: text/plain
Signature: SmartLoader
Vendor Threat Intelligence
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: anti-debug mingw overlay
Threat name: Script-Lua.Trojan.Heuristic
Status: Malicious
First seen: 2025-03-14 10:35:10 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 9 of 24 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: pe_detect_tls_callbacks

Rule name: Suspicious_Latam_MSI_and_ZIP_Files
Author: eremit4, P4nd3m1cb0y
Description: Detects suspicious .msi and .zip files used in Latam banking trojan campaigns.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SmartLoader

zip 8476d72de41222cb4f28c088d557c8bbeb32f1af694d7943deb8035ad7d6df3a

(this sample)
