Extracted

Extracted

• • Target

    b48773d15d2b3d75b90c045fc0e801bc7f20062281a0e2a8d7ac4e6364debe7c

  • Size

    268KB

  • MD5

    1a32b483f1e2bea874f739753ee2f660

  • SHA1

    a967c5efee45bacd09ec4b661eb39871c9a36789

  • SHA256

    b48773d15d2b3d75b90c045fc0e801bc7f20062281a0e2a8d7ac4e6364debe7c

  • SHA512

    b804123cdf4ab07ff4694e8b5e44719e899b18fcbdbc1cb6625027785f927be6df16426ed22de5f911edbaa364a28d88d3f8e3cfa2f5db5b84a9f20adf79619c

  • SSDEEP

    3072:T/E/QMmXj/mpf5EbJKGnohmo827UobSWy3wTj2E5h6cccN/ZZ:w/+Xj/mR5IJamd2A7Wy3w/vf

  Score

  10^/10

  smokeloaderup4backdoorpersistencetrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Modifies Installed Components in the registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2