Extracted

• • Target

    57575e347c1ac2eab996ded931a7eb338b624ffcc38ac65f07bbbd159e2c33fc.exe

  • Size

    294KB

  • MD5

    2c636f0382dbdf5e3f70b831a91f3c9d

  • SHA1

    d78fa8ee9784d6e790453dcac03733b47455c238

  • SHA256

    57575e347c1ac2eab996ded931a7eb338b624ffcc38ac65f07bbbd159e2c33fc

  • SHA512

    026ba7081ae503f6461a52212589431d9d80709afa51ba280ba6c901df6025cce5efa21734c65314ce7e34bccc19352931b6a1b19df792e0da3ff813da905eaa

  • SSDEEP

    3072:eTEf0l0OMJisuULt02JdZ599LbayiV1FEGzZsSDSIqh3yLSUEdmBHjBzN:t0lquULLl6VEpuSIqhcSUEo9BzN

  Score

  10^/10

  smokeloadergoodbackdoordiscoverytrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Smokeloader family

    smokeloader

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2