MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b79c66c6982c75deccdac850f7fc0ac60449eebb03ee85fd805053aa706adc63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SmartLoader


Vendor detections: 6



SHA256 hash: b79c66c6982c75deccdac850f7fc0ac60449eebb03ee85fd805053aa706adc63
SHA3-384 hash: 7ef95bb2c223a164e77b0bec45e87727362d785bdd81c1d4293c76a2d46e8cc2fa0c661f73a310d7e7ede8b300dcea8b
SHA1 hash: e1d5c2344d204253932ae0bb57e87927db535394
MD5 hash: d21356df6a0d099548faa67b995e0cd8
humanhash: mountain-floor-mississippi-mirror
File name: Software.zip
Signature: SmartLoader
File size: 355'881 bytes
First seen: 2025-03-12 12:15:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:BpV2WkkQPkKrdMHE8yLPleNaW/51o8Zyr00tfcR+Hd1mTb3R9mPA:EkgkKxMU9IaG51o8Zyr00tk0uTRUA
TLSH: T1007423B8CB458152F1C2329DF12106EF2B362BB529266CF2D8633876F95C64F79C2664
Magika: zip
Reporter: tcains1
Tags: js SmartLoader zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 471
Origin country: US

File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: Launch.bat
File size: 35 bytes
SHA256 hash: 3e81095c7d6ea93ef9e288aa92c1f1bac358ee9d591e67371d289f81231d5bae
MD5 hash: 097cfba4e4573cb8351bc9b58ed72d95
MIME type: text/plain
Signature: SmartLoader

File name: lua51.dll
File size: 422'972 bytes
SHA256 hash: 012e772e3c72c5f500aab86e78e99afff222bdc8d914bc32bb244ade03d5a486
MD5 hash: 2f0394640486f2ac8dfb23ee05f904a9
MIME type: application/x-dosexec
Signature: SmartLoader

File name: userdata.txt
File size: 240'167 bytes
SHA256 hash: 5ad575b6d5a79a41fa37fa07b4c72744cbf402c14947788e26e3dbd1f4403baa
MD5 hash: 64f486a3164db9ed7af9c4ad7ccd268c
MIME type: text/plain
Signature: SmartLoader

File name: luajit.exe
File size: 24'935 bytes
SHA256 hash: 30f7bd2e98df2ec3405f3ab4aab5be8f0dc1d9ac638286edf390c4ddb74b4316
MD5 hash: e1bae2b33bbcf7d1dad46f57fe537141
MIME type: application/x-dosexec
Signature: SmartLoader

Vendor Threat Intelligence
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: anti-debug mingw overlay

Threat name: Win32.Trojan.Smartloader
Status: Malicious
First seen: 2025-01-29 23:08:26 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 10 of 24 (41.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: discovery execution
Behaviour:
Scheduled Task/Job: Scheduled Task
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: pe_detect_tls_callbacks

Rule name: Suspicious_Latam_MSI_and_ZIP_Files
Author: eremit4, P4nd3m1cb0y
Description: Detects suspicious .msi and .zip files used in Latam banking trojan campaigns.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
