Extracted

Extracted

• • Target

    9e697e73ca8efcc8b76313624967e496bd12c462b2fde7c87e34bad408bf38d1

  • Size

    355KB

  • MD5

    bc314ded7cad370c7cb70d2399afac67

  • SHA1

    50e73ddc8079f1bebbb7fb3ac44af7cf84e64fd0

  • SHA256

    9e697e73ca8efcc8b76313624967e496bd12c462b2fde7c87e34bad408bf38d1

  • SHA512

    d66ef15347ffbce0bd4d4ca43e61d7bd2c79cdc297eae4379f71143705c5f98f9a569f370bc32f715c493bd201718d3b677203e7fb62354451e154315251ba69

  • SSDEEP

    6144:4bW+5I3l405JVaYUwJhKFoPGmaKuq6krXDzv09t:zUIVfVUEhlPGk/PrXvY

  Score

  10^/10

  smokeloader0024backdoorcollectionevasiontrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Accesses Microsoft Outlook profiles

    collection
  behavioral1