Rewterz Threat Alert – SmokeLoader Malware – Active IOCs

Severity

Medium

Analysis Summary

Smokeloader is a popular bot and a veteran in its field, this piece of malware is used mainly for loading other malicious software, usually obtained from a third party. At the same time, it has the capability of loading its own modules, allowing it to conduct a variety of actions without the usage of external components. The seller of Smokeloader (which is known by the handle SmokeLdr) is active in providing this malware as a service to this date.

Impact

• Information Theft
• Exposure of Sensitive Data

Indicators of Compromise

MD5

• c4a7b64813c8e57198670a76afb73996
• ac381ed9d515babae30176a7daa1bb69
• 077496cb42014387e8781c100aab4b72
• 05979f1e7a741bfb32af8dde6b0d53a7
• 3c38f1e28de260162c04f495fb356acf
• afb53ed8919416e84de41add492e5e45
• b2bc458f777667b1da92ce555ebca20e
• e05d095389ccbb405fd16f49f3c69bb0

SHA-256

• 538d3533398c3f0adbd59483ced973cf35803de5e9356e8dafb5f6bea4049a30
• 1ef493ded6ef9a2510a901032b9f2f0fd5e13143e2a57542c6fe656efd946332
• 9ed81a80ff7b51eed1be9022a43e2cf6dcd6c6c74dbbda497deacdf627e20587
• e35984a57082baaa547ef6229bd1a3143510f041323f73a4d1ce001edb1f9a30
• 546999c44230a0d1ac480138772713b91c31662edd30c286ab8f8bd35baba2fe
• 3fdf21f7ad2430c552a8dc34c6fbaf82d95a0f44b9a7bd514d89ad3d074d345f
• 2366fbd5724e9da7e42dcf3a2ca9a6d72940fb02f50520e9333a6007543d133c
• 92ba8383ed7118beeb3c5a8ee0656c7437cdf8658bcc62342dfe41a3a08a8595

SHA-1

• f531e572031911cbb5b8d5c5c69def2c6e085223
• ef26c60086ec2bd508f7e499d5abfb6637d753bd
• 12d472f3382b8601ac64f056f3624682a1ed22ba
• 46eff608f9245eac91918adca566666155496da0
• 95175ca5d82b1cf9fc9378775b4092985c6ae2a3
• bd3ab93a28c9229018c3e80998ae30c6a1463416
• 9852841a0c18d629f32fcb8aee8064be101523cb
• c13a7446bb233901a5f0d04161723fadb310f9f8

Remediation

• Exercise caution when receiving messages from unknown senders.
• Block all threat indicators at your respective controls.
• Keep your software updated to the latest patches.
• Search for IOCs in your environment.