Extracted

Extracted

• • Target

    e814e9678f39ab652ccf4f022d26b92cc5f157a4ad3c88000b3e03eefb192d22

  • Size

    289KB

  • MD5

    14136f803ec027860729f4cf0d79b564

  • SHA1

    4b7b39a80d40c5e051d059edd1f9ad3bca4c3a2c

  • SHA256

    e814e9678f39ab652ccf4f022d26b92cc5f157a4ad3c88000b3e03eefb192d22

  • SHA512

    a67dd6fb6978768cc4b4d07d2ccb8dcc26b842067010d566951cd6ce918a082160dbe415d99adf1255056df0fca543ba226ba97074deaa4c25236254991ba65a

  • SSDEEP

    3072:uYJqYcIZaY/0OqESOniSxnJ9GBZPpGW8j+wGE8m526trv5kVyBk3eFx/RvfB:X48Za00OCQignPQZPc/K6px

  Score

  10^/10

  smokeloaderup4backdoorpersistencetrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Modifies Installed Components in the registry

    persistence

  • Deletes itself

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1