MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfa63724dafde66f0aa424330d7e2e9a15134bd877f9d41d09e8581419409d88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SmartLoader


Vendor detections: 3



SHA256 hash: dfa63724dafde66f0aa424330d7e2e9a15134bd877f9d41d09e8581419409d88
SHA3-384 hash: 3f15e727b36ab28a433953162380a86f6ca553e02223918bf3359769bc2ca1b4f93bf9ac594bd4e58204421acf40cf1a
SHA1 hash: b48b93428d0cf03e11acf39d66e5a0c2c9411b76
MD5 hash: 4f2458aa2b58add4567c5c6c3a14983a
humanhash: shade-low-spring-triple
File name: stellar-data-recovery-pro-free-v1.2.5-alpha.5.zip
Signature: SmartLoader
File size: 1'328'994 bytes
First seen: 2025-04-07 20:57:30 UTC
Last seen: 2025-05-16 11:57:12 UTC
File type: zip
MIME type: application/zip
ssdeep: 24576:OvlCZf7e3Q6OQ/QxTJ7ILzYlsRhjw6LCvavtxU6bJOt3ztV3lz/S:OvleRxTN+ke3eSvFJujzlDS
TLSH: T10855335116A988EFD5FF6540BEB2DCC8552F35B6FFDD168A80083370992E0267EF9281
Magika: zip
Reporter: aachum
Tags: SmartLoader zip


iamaachum
https://github.com/macros31/Stellar-Data-Recovery-Pro-Free/releases/download/v1.2.5-alpha.5/stellar-data-recovery-pro-free-v1.2.5-alpha.5.zip

SmartLoader C2:
https://polygon-rpc.com/
http://89.169.12.42/api/YTAsODYsODIsOWQsYTEsODgsOTAsOTUsNjUsN2Qs

Intelligence


File Origin
# of uploads: 2
# of downloads: 114
Origin country: ES
File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: lua.exe
File size: 100'900 bytes
SHA256 hash: 5343326fb0b4f79c32276f08ffcc36bd88cde23aa19962bd1e8d8b80f5d33953
MD5 hash: 00f60ee3ff2dee681b5d7d442009b2c2
MIME type: application/x-dosexec
Signature: SmartLoader

File name: lua51.dll
File size: 3'531'914 bytes
SHA256 hash: c7a657af5455812fb215a8888b7e3fd8fa1ba27672a3ed9021eb6004eff271ac
MD5 hash: 4ebd617a3ad9a9619172bd14a902a400
MIME type: application/x-dosexec
Signature: SmartLoader

File name: x64.txt
File size: 329'864 bytes
SHA256 hash: e54c84b92f1d3dc537d760bff0d089f7a338a45c40b0b4bc8333e084543fe808
MD5 hash: 308847fd505d18e7d7aca1b8ac797446
MIME type: text/plain
Signature: SmartLoader

File name: Launcher.cmd
File size: 31 bytes
SHA256 hash: 9b3d305f2510e3891d0d2f07e8f89d839c7cded603684000c8d728e29723e939
MD5 hash: edf37fa052187c0a6f0571a199439746
MIME type: text/plain
Signature: SmartLoader
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Capability_Embedded_Lua
Author: Obscurity Labs LLC
Description: Detects embedded Lua engines by looking for multiple Lua API symbols or env-var hooks

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: HUNTING_SUSP_TLS_SECTION
Author: chaosphere
Description: Detect PE files with .tls section that can be used for anti-debugging
Reference: Practical Malware Analysis - Chapter 16

Rule name: pe_detect_tls_callbacks

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

Rule name: vmdetect
Author: nex
Description: Possibly employs anti-virtualization techniques

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: SmartLoader
File type: zip
SHA256 hash: dfa63724dafde66f0aa424330d7e2e9a15134bd877f9d41d09e8581419409d88 (this sample)

Delivery method: Distributed via web download

Comments