Extracted

• • Target

    22e12bfd3f640ae693f9494a8697b36266e936b7481b236c9c9fbb9da0deaf59

  • Size

    335KB

  • MD5

    928175aaccf82dc75a762bb66e110d1e

  • SHA1

    f45d761711ee3a545936a5e449f80f551d091aa8

  • SHA256

    22e12bfd3f640ae693f9494a8697b36266e936b7481b236c9c9fbb9da0deaf59

  • SHA512

    113aa8b582495e0a7700a8e2a12319cd25f07123b6057c4df16c70ad7b395e2ab213635c6127b2cc7b36442d9f789a5bb37a7680f9043a5c8a714a91731436fa

  • SSDEEP

    6144:ON7wszXoD/nn5MDUC4mWqd4ra1adyRJFXoK7xEfsIDOwGG8VflEERHIB9V:ON8sjoDxC4GaPkJ9F10qwGvHIB/

  Score

  10^/10

  discoverysmokeloaderbackdoortrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Smokeloader family

    smokeloader

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2