Extracted

• • Target

    835089cc52af94cdcdf26ab335f8a4fe4719071746539acf472579fa2fc8e4f9

  • Size

    248KB

  • MD5

    aba61284cec3036dae80ece91256cf35

  • SHA1

    1ccbcd2605d623ada8ecbcace5c1ff1f082c9e2d

  • SHA256

    835089cc52af94cdcdf26ab335f8a4fe4719071746539acf472579fa2fc8e4f9

  • SHA512

    8f57b93b11df6d5aa2686afeb156310bea2f65ed6e17f6b27d1a5089a0d729057f255c9169d797f62c72263ccd4a90fa7203708ebaf3c13521825e1f65a42331

  • SSDEEP

    3072:bnwpjZ/aX+tl/w8aKwg/6K0HXDZh/TKHXwdDlsv5HyVSeR/:Epd/aX+t9w8av13D7/TK3nYR

  Score

  10^/10

  smokeloadersystembcbackdoorpersistencetrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2