MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d069c2eae59a5c7ad0c5de361220ff91ff228137812ed5cfd465df1a120ac3ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SmartLoader


Vendor detections: 6



SHA256 hash: d069c2eae59a5c7ad0c5de361220ff91ff228137812ed5cfd465df1a120ac3ea
SHA3-384 hash: 763942fb465e42695bdedd16fe7702d110c4b5bf66fc417eaa4c6271af16fbfff8b0d0d9091f2779fe0d2d6724a21799
SHA1 hash: 419d95885aeafc103ac1123b2d5755562d9c643b
MD5 hash: 7cf2af491d86f59c02ae360103fa72cf
humanhash: six-october-thirteen-finch
File name: Software.zip
Signature: SmartLoader
File size: 404'978 bytes
First seen: 2024-12-02 02:33:56 UTC
Last seen: 2025-03-24 10:54:38 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:Z0MhZfSlRF09Gpdsoq9/6j01qp3UYjTheGEij:ZbolR69GpdysP/8Lw
TLSH: T1FB84232E451DE613DBBB283A740925034330E8CB7B05B6943AD41A9EF3976935EE9F05
Magika: zip
Reporter: Anonymous
Tags: SmartLoader, zip

Intelligence


File Origin

# of uploads: 3
# of downloads: 113
Origin country: BR

File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: Application.bat
File size: 23 bytes
SHA256 hash: b4144587a8122e693c25dce818739cb9f13ba8392fbd770c227e4418b377de34
MD5 hash: 044c3e9f701b04bab8588525529ddf4d
MIME type: text/plain
Signature: SmartLoader

File name: asset.txt
File size: 306'113 bytes
SHA256 hash: 884f1552fe526d72f01035f8fd1b565d254b52fbbfcb6cb034f34598794f7d7d
MD5 hash: 00ba06448d5e03dfbfa60a4bc2219193
MIME type: text/plain
Signature: SmartLoader

File name: lua.exe
File size: 203'264 bytes
SHA256 hash: c21e21a708f5c4760577a760fcb62f73163af94cf44cb33d8a4d1bfa58421ea8
MD5 hash: 84100e7d46df60fe33a85f16298ee41c
MIME type: application/x-dosexec
Signature: SmartLoader

File name: lua51.dll
File size: 327'680 bytes
SHA256 hash: f95954e061ad9e37afacb0c849f249d196d0247be9277b899e6a9b295035c7a6
MD5 hash: e7e338c9517888e3b484f65f2874a33d
MIME type: application/x-dosexec
Signature: SmartLoader

Vendor Threat Intelligence

Verdict: Malicious
Score: 93.3%
Tags: virus

Gathering data

Threat name: Win32.Trojan.Generic
Status: Malicious
First seen: 2024-10-25 03:59:05 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 9 of 24 (37.50%)
Threat level: 2/5

Result
Malware family: n/a
Score: 6/10
Tags: discovery
Behaviour:
Scheduled Task/Job: Scheduled Task
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
Looks up external IP address via web service

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SmartLoader

zip d069c2eae59a5c7ad0c5de361220ff91ff228137812ed5cfd465df1a120ac3ea

(this sample)


Delivery method: Distributed via web download

Comments