Malware
SMOKEDHAM
According to Mandiant, SMOKEDHAM is dropped through a PowerShell script that contains the C# source code for this backdoor, stored in an encrypted variable. The dropper dynamically defines a cmdlet and a .NET class for the backdoor, so the compiled code exists only in memory.
Family metadata imported from Malpedia (Fraunhofer FKIE).