Extracted

Extracted

• • Target

    19f543508b49938952641b3d258d1a035e37c06d0ab235a7fa7f9eec7792467b

  • Size

    330KB

  • MD5

    a450a36b6cc1810a557f16bb7612448f

  • SHA1

    95123691fc48aba02444a98505ae2e67168576a8

  • SHA256

    19f543508b49938952641b3d258d1a035e37c06d0ab235a7fa7f9eec7792467b

  • SHA512

    38e450642822008b3b6ab1b7ae8c66e91259035d2395c62056d6d66c09fb2a38cac55e014bdc6f9d00baa9cdf0539cae3e5c9d4a07c15ffdef65ce986a3c8d30

  • SSDEEP

    3072:n99xdXAythy6G8FK1Zyq0HWpT+crzuXV6qnE5Yfk1rtk5s0co5GOZRObzebpLkCd:9Oahy6G8FLqsWrKVB0Yfk1Ki0coKbKa

  Score

  10^/10

  smokeloaderup4backdoorpersistencetrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Modifies Installed Components in the registry

    persistence

  • Deletes itself

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1