

Rewterz Threat Alert – Remcos RAT – Active IOCs
September 14, 2021
Rewterz Threat Alert – NJRAT – Active IOCs
September 14, 2021
Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. This malware is used mainly for loading other malicious software, usually obtained from a third party. It can also load its own modules, which lets it conduct a variety of actions without external components. The seller of Smokeloader (known by the handle SmokeLdr) is active in providing this malware as a service to this date.
Impact
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Exercise caution when receiving messages from unknown senders.
- Block all threat indicators at your respective controls.
- Keep your software updated to the latest patches.
- Search for IOCs in your environment.