MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da2a180c55bcd98dae36910b005c7f9ea2494cf9811dcdc78c5c9a7c828b39bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SmartLoader


Vendor detections: 4



SHA256 hash: da2a180c55bcd98dae36910b005c7f9ea2494cf9811dcdc78c5c9a7c828b39bb
SHA3-384 hash: c4a82f9d74e0204063bb69229e5f133ec9eeeaea595dd730a3362d38cee42ad7dd1100aac7f59b1aa2be44ee90eec368
SHA1 hash: ef3553610ed691f175064d65a00c68faa80bc0b0
MD5 hash: d3f99725b09821f72ce11258ade25393
humanhash: happy-salami-six-rugby
File name: FortniteSpoofer-3.4.8.zip
Signature: SmartLoader
File size: 359'716 bytes
First seen: 2025-03-17 11:17:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:DFidFpN9nyYpNOFNvK1fuUPsgJV8ZHLO2Y1RZbDGFIPMKseQnJ16DXbfEnmh3+:Qv9tN2NvB+38ZpY1PDGmPWerrEnmt+
TLSH: T174742346C53F5B098D4878334AFF58D9C2A16FDDE21DBA0A2F1473DF911498C284F9A4
Magika: zip
Reporter: tcains1
Tags: SmartLoader, zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: US
File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: lua51.dll
File size: 422'972 bytes
SHA256 hash: 012e772e3c72c5f500aab86e78e99afff222bdc8d914bc32bb244ade03d5a486
MD5 hash: 2f0394640486f2ac8dfb23ee05f904a9
MIME type: application/x-dosexec
Signature: SmartLoader

File name: luajit.exe
File size: 24'935 bytes
SHA256 hash: 30f7bd2e98df2ec3405f3ab4aab5be8f0dc1d9ac638286edf390c4ddb74b4316
MD5 hash: e1bae2b33bbcf7d1dad46f57fe537141
MIME type: application/x-dosexec
Signature: SmartLoader

File name: conf.txt
File size: 242'921 bytes
SHA256 hash: ad2dfa432c175b7bad0b73fad45943c472d10ef0c7cf2e3e7d34567fd5f10ba1
MD5 hash: 3c781679d00446c6f674da51ae62d991
MIME type: text/plain
Signature: SmartLoader

File name: Application.bat
File size: 71 bytes
SHA256 hash: e8e09b34dea809bc984ba4602f4699a1ec76fa42e7a36279e0d7f3e3de5e9f18
MD5 hash: ebce2046ef5fc8d24b34073865b76125
MIME type: text/plain
Signature: SmartLoader

Vendor Threat Intelligence
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: anti-debug, mingw, overlay

Result
Malware family: n/a
Score: 6/10
Tags: discovery, execution

Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
Looks up external IP address via web service

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: pe_detect_tls_callbacks

Rule name: Suspicious_Latam_MSI_and_ZIP_Files
Author: eremit4, P4nd3m1cb0y
Description: Detects suspicious .msi and .zip files used in Latam banking trojan campaigns.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SmartLoader

zip da2a180c55bcd98dae36910b005c7f9ea2494cf9811dcdc78c5c9a7c828b39bb (this sample)
