Extracted

• • Target

    894a882987a059912caf2f050e78c3cf2a470b7f3c2a4a8a0af9e9c4b66fd080

  • Size

    303KB

  • MD5

    9a86d53354c9fdcfd27b23930581db19

  • SHA1

    20bc69c4dc6c6758fe6c32fdc2c9faa74a8ee7c7

  • SHA256

    894a882987a059912caf2f050e78c3cf2a470b7f3c2a4a8a0af9e9c4b66fd080

  • SHA512

    032c987e219dcbb337733ffa16068b01fba6ba8ddc46886dc9c7f84c13128de06695589e9a1b018aed1240c3d3da45c03620a8486fec6364395d34d8af40aeb3

  • SSDEEP

    6144:dFV2VqWlb2HYjE+Q5AZu7mA22tThsIeGjY6:kkWlbNjqAZxA22ZVE

  Score

  10^/10

  smokeloadersystembcbackdoortrojan

  • Detects Smokeloader packer

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1