Extracted

• • Target

    bestthingsalwaysgetbesrentirelifethingstogdomybetterthignswithgreat.hta

  • Size

    178KB

  • MD5

    05dcffe1d8e8e209a90b522192ad8000

  • SHA1

    77c19b392d39bce4906b5c4e5f1ab0a0c9182dc7

  • SHA256

    35717c891450767af251ec90a7c05ffd407d7b2d2897d96c176c51b5b8a156b5

  • SHA512

    11eafd5f126bb4873ec7be1dc6fe7246f3de8324c413073bc914827695ed1db1bb9b6e870414c0d4aba990a6a817d6c029f7aa02e5061434dcdb965a378b5734

  • SSDEEP

    48:4vahW5oZz7eWLB2ZfywyQhhY1ywyQbD6ngS5RJCS0d399Dd5nCYmIYZAjo3ueufc:4vCl17ZtQjtQhVFlfnnCO4AjovtQX5Q

  Score

  10^/10

  defense_evasiondiscoveryexecutionsmokeloaderbackdoortrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Smokeloader family

    smokeloader

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Evasion via Device Credential Deployment

    defense_evasionexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2