Extracted

Extracted

• • Target

    0cdb3c1c13987b9206aff17db672f7de.exe

  • Size

    214KB

  • MD5

    0cdb3c1c13987b9206aff17db672f7de

  • SHA1

    e1201e013a33a7267316ad56a644dcd19fb3ce4c

  • SHA256

    306c89756cc1899b6f76dd3e7b68dcb0b4581a152f14df79ff167f0627c85424

  • SHA512

    f936936ace302984e7d2494d2d8d2b018333b9ae8a635cfdf2028d57ffaff4c67507cb62d9848d1ad98d4e5b70fd8109b2a4b19b6fa1400578b25ead5eaf2423

  • SSDEEP

    6144:AjSjtrLocGy2hDyqmo6vU8H5vOuWcGTE:AgscGlkqm/lH5vb+

  Score

  10^/10

  netsupportsmokeloaderpub1backdoorrattrojan

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2