Extracted

Extracted

• • Target

    d230a44e2e8bac493f6a71ef0a80dd7f8d8ec169d3c7252e870700665968d688

  • Size

    245KB

  • MD5

    75c6082de062c49a833fb3e81e60c877

  • SHA1

    81f7e722cfa8b99280cb0118c2b0d0cd5e827707

  • SHA256

    d230a44e2e8bac493f6a71ef0a80dd7f8d8ec169d3c7252e870700665968d688

  • SHA512

    857474e36c785fda7fd1b66ebdab59ec40d23000089d66d8b156f41426ce7fc0834f77c5129e3431aee88e14580e8bbf6faf8f106c8cf18f05516de62951bf93

  • SSDEEP

    3072:CgEc6LWbxGyXhDBFJY3Kr/GTUAF+rtvTXRtFfwGG39in4:cc6L0xRDBFrGg33FfwGGM

  Score

  10^/10

  smokeloaderup4backdoorpersistencetrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Modifies Installed Components in the registry

    persistence

  • Deletes itself

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2