Extracted

Extracted

• • Target

    ab9a43ff120eb2b35632da18df7e18371b40f919820d65d75dc677779b694e8a

  • Size

    216KB

  • MD5

    b9345fb76e134027c97e70ac91bf461e

  • SHA1

    b66904fa8110d1fa3152d7fabf66f4ece8ce3f54

  • SHA256

    ab9a43ff120eb2b35632da18df7e18371b40f919820d65d75dc677779b694e8a

  • SHA512

    500c16fe93ada1625e77b702d1b06debae62946372eb7d566a4c1491d223e18f2b859dfbc8ab919064b8f8d0047a11eba1ab67d3ac03c611fa1b03a0ff1ccd8a

  • SSDEEP

    3072:ry044dvbjumOLwBVDeYi5rf+EfzbR0OVrp3CemGH9Dzl7:OivuvLwXD1i5jzfHR0Crb/dl

  Score

  10^/10

  smokeloaderup4backdoorpersistencetrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Modifies Installed Components in the registry

    persistence

  • Deletes itself

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1