Extracted

Extracted

• • Target

    d8fd917448afb720cea4a8d37851b83997f365eee217246390a4fe7387d2f041

  • Size

    253KB

  • MD5

    7d2217eca0ef6f12b0e06fc85dba8ada

  • SHA1

    f967afb3a79e1f697e974e092fad4c3f5a5cb010

  • SHA256

    d8fd917448afb720cea4a8d37851b83997f365eee217246390a4fe7387d2f041

  • SHA512

    41e9c82e14297bea8f5aef866704a8ee1a6cf27f353a35a01a66ce8d0acd4794a9edb8afb4ad60b13fc0300b67792df7839d8fc5cbb8eaebf72533d57eba3482

  • SSDEEP

    3072:dsvRWqARvE750Rpydv7nkKqwMZz95pikXAAerX2jDUA6u/RpR9rE:jq4E1ApOv7nk7ukQ2jYA6u91

  Score

  10^/10

  smokeloaderup4backdoorpersistencetrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Modifies Installed Components in the registry

    persistence

  • Deletes itself

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1