Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field, this piece of malware is used mainly for loading other malicious software, usually obtained from a third party. At the same time, it has the capability of loading its own modules, allowing it to conduct a variety of actions without the usage of external components. The seller of Smokeloader (which is known by the handle SmokeLdr) is active in providing this malware as a service to this date.
Impact
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 1dddcf60e86ce03c9d9c0041af67956f
- 5bf35fe0a754d03428ce517a453929fd
- 9a518d10065bc50f82a46ad5bbaecba8
- ae0c81e67caea27ab164697a6e82c4fe
- 5b8639f453da7c204942d918b40181de
- 1a280feb9ab6b8f0d264fbdfcade9325
- a6b572db00b94224d6637341961654cb
- 5f6f8e5a5e6ba53f8f785b575573451d
SHA-256
- 4fb40061609dc9158dbde8f462dee62ea1901fed66524580d41264edd483bed7
- f7f5246ecc2ad4cbab3627215ac60db3b098fd2cd9e575fd26cdc23a78fea77e
- 2ddf200c0af9f8b1e6626e6958b495e6631f790806b2a2bd0892deddc2370e05
- 0ee36078c94b22714e3e44b355e5e129e63bff8df02f0df13a2b1ff207f0f5f5
- d9008ee980c17de8330444223b212f1b6a441f217753471c76f5f6ed5857a7d6
- 0dba3fe5275b6a17b44b07baf6f717f908776000ddf62098c712ef89a577f12a
- 91ef165ad61d09dfda345f827b8ff78a18a3e40d8e12454cdb494d1555af7656
- 6f8a7657b62f79b148d6b930641ef70eb0d8bc909377439819a0db601ca1c0d8
SHA-1
- 915ee358e3edc75d8d368dfd14f2737590447159
- 8030c3749be83767de06a36999c018105b1bdc4f
- ac4cc71fa8b1218abc34231330b3f58d845c39a9
- 7478f88ae345623eb67792b9ea719e0ec6480bbf
- 2daed225238a9b1fe2359133e6d8e7e85e7d6995
- 669a25d48aa0cc91abeb37f08ae012defeb3fc20
- 9f0dbcce0496fede379ce4ecbfc2aa2afbb8ee8c
- 97b99adefc3ecca6be60c882b563853091f586ef
Remediation
- Exercise caution when receiving messages from unknown senders.
- Block all threat indicators at your respective controls.
- Keep your software updated to the latest patches.
- Search for IOCs in your environment.