General

  • Target

    5980b56cb771a56bf3e5120bea3ad3fc15841a4e9e229ef268becc83dff0eb5c

  • Size

    210KB

  • Sample

    221031-qvtgnabaf5

  • MD5

    220489680dbf4de2c1da3a064a36fc09

  • SHA1

    08273aa012e2df518d35dc1a93e40536cd5fc963

  • SHA256

    5980b56cb771a56bf3e5120bea3ad3fc15841a4e9e229ef268becc83dff0eb5c

  • SHA512

    9dbf1e4e5d2b80e951d26231ce738eb927f5b688456e3b073ce3e9deb8b82cf657d42298373cc10dde9b903616c53070cb80cf364f4ddae1bbdbca0b86edc44f

  • SSDEEP

    3072:NY5iDLFOcRwFYLVnaWzf57zEuoH2sw0cc6N120+cpBRQxax:NYYDhfRwmLVnaYE9xw0cLK0+cpBRQE

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167
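The hashes in the General block and the two extracted C2 addresses are the actionable indicators on this page. The Python below, an added example rather than sandbox output, turns them into a small IOC sweep: it hashes a file in one chunked pass and compares the digests against the report, and it scans log lines for the C2 addresses and for any report hash that an EDR or proxy log may carry. The log line format, the host name, and the non-C2 destination addresses are constructed assumptions; only the hashes and the two C2 IPs come from the report.

```python
"""IOC sweep built from the indicators in this report.

Added example, not part of the sandbox output. The hash values and the two
C2 addresses are copied from the report above; the log format, host name and
benign addresses in SAMPLE_LOG are constructed for illustration.
"""
import hashlib
import ipaddress
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "220489680dbf4de2c1da3a064a36fc09",
    "sha1": "08273aa012e2df518d35dc1a93e40536cd5fc963",
    "sha256": "5980b56cb771a56bf3e5120bea3ad3fc15841a4e9e229ef268becc83dff0eb5c",
}
IOC_HASH_VALUES = set(IOC_HASHES.values())
IOC_C2 = {ipaddress.ip_address("45.139.105.171"), ipaddress.ip_address("85.31.46.167")}

# Hex tokens of MD5 (32), SHA1 (40) or SHA256 (64) length, and dotted IPv4 candidates.
HEX_TOKEN = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
IPV4_TOKEN = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def hash_chunks(chunks):
    """Compute md5/sha1/sha256 over an iterable of byte chunks in a single pass."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk in 1 MiB chunks so large files are not read into memory."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def is_known_sample(digests):
    """True if any digest matches the report's value for the same algorithm."""
    return any(digests.get(name) == value for name, value in IOC_HASHES.items())


def scan_line(line):
    """Return the set of report IOCs (C2 IPs or hashes) found in one log line."""
    hits = set()
    for tok in IPV4_TOKEN.findall(line):
        try:
            ip = ipaddress.ip_address(tok)
        except ValueError:  # e.g. 999.1.1.1 matched the loose regex
            continue
        if ip in IOC_C2:
            hits.add(str(ip))
    for tok in HEX_TOKEN.findall(line):
        if len(tok) in (32, 40, 64) and tok.lower() in IOC_HASH_VALUES:
            hits.add(tok.lower())
    return hits


def sweep(lines):
    """Map line index -> IOC hits for every line that contains at least one hit."""
    results = {}
    for i, line in enumerate(lines):
        hits = scan_line(line)
        if hits:
            results[i] = hits
    return results


# Constructed log lines (not from the sandbox run); formats are assumptions.
SAMPLE_LOG = [
    "2022-10-31T10:15:02Z proxy src=10.0.0.5 dst=45.139.105.171 dport=80 action=allow",
    "2022-10-31T10:15:03Z proxy src=10.0.0.5 dst=142.250.74.46 dport=443 action=allow",
    "2022-10-31T10:16:40Z edr host=WS-07 event=process_create "
    "sha256=5980b56cb771a56bf3e5120bea3ad3fc15841a4e9e229ef268becc83dff0eb5c",
    "2022-10-31T10:17:01Z fw src=10.0.0.9 dst=85.31.46.167 dport=443 action=deny",
]

if __name__ == "__main__":
    for idx, hits in sweep(SAMPLE_LOG).items():
        print(f"line {idx}: {sorted(hits)}")
```

Point `hash_file` at a suspect binary and feed `is_known_sample` its result to confirm an exact match with this sample; the log sweep is deliberately format-agnostic, so it works on proxy, firewall or EDR exports without a parser per source, at the cost of matching the C2 address wherever it appears in a line (including as a source address).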

Targets

    • Target

      5980b56cb771a56bf3e5120bea3ad3fc15841a4e9e229ef268becc83dff0eb5c

    • Size

      210KB

    • MD5

      220489680dbf4de2c1da3a064a36fc09

    • SHA1

      08273aa012e2df518d35dc1a93e40536cd5fc963

    • SHA256

      5980b56cb771a56bf3e5120bea3ad3fc15841a4e9e229ef268becc83dff0eb5c

    • SHA512

      9dbf1e4e5d2b80e951d26231ce738eb927f5b688456e3b073ce3e9deb8b82cf657d42298373cc10dde9b903616c53070cb80cf364f4ddae1bbdbca0b86edc44f

    • SSDEEP

      3072:NY5iDLFOcRwFYLVnaWzf57zEuoH2sw0cc6N120+cpBRQxax:NYYDhfRwmLVnaYE9xw0cLK0+cpBRQE

    • Detects Smokeloader packer

    • NyMaim

      NyMaim is a C++ malware family with a range of capabilities, first seen in 2013.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks