Extracted

• • Target

    fb12a99645d3ede4dcf3c5a0b0120bcb_JaffaCakes118

  • Size

    173KB

  • MD5

    fb12a99645d3ede4dcf3c5a0b0120bcb

  • SHA1

    2bd9fe44567d87f837bbc53efcc6ee9114f172bf

  • SHA256

    bde800ed0a49fc1218bec16d932723c50129f6de01105afaa617bbbab4f30e2e

  • SHA512

    4e51684bd9eb188df3234aed04a31380a635e700a041eedf20f01d5a8761837d763fc71302c019fac443272ddd7d4cb05143f89196678f502c7252ced3a018d7

  • SSDEEP

    3072:jkp4vvgSJ8EvgsprebUGysnTLZsQMBkZnAcfF8EhMqU6zJg/jBQavWH:jc/SG0bpq12XmF8ECP6u/tQavW

  Score

  10^/10

  smokeloader1337backdoorpersistencetrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Core1 .NET packer

    Detects packer/loader used by .NET malware.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2