Extracted

Extracted

• • Target

    6bcbbfac4eb7dbecb5a44983645a75db.exe

  • Size

    240KB

  • MD5

    6bcbbfac4eb7dbecb5a44983645a75db

  • SHA1

    06335c12d2dc398efa4956674628debaf8a22b39

  • SHA256

    f73c2ff7df05fca90c08e6ac7a30b97f56a5f62ddc1aed09e0970dc416f995aa

  • SHA512

    550b13098d9842bc79b441721b6a93f085d75c274d7b5e0387fae87f9cf5a3566fb13694b5369149e093cb41a109fa015a9698f0553827c8c46c864083a54a33

  • SSDEEP

    3072:SR9BalQW+4t/2Rxpw3qcBsWkW+Nm/WXdJgr5QbgaHbWk18tKbTD94nXU3XnSo1s:SQEe619WZLSbgaH780pyXUSo

  Score

  10^/10

  smokeloaderpub1backdoorpersistencetrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Modifies Installed Components in the registry

    persistence

  • Deletes itself

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2