Rewterz Threat Alert – SmokeLoader Malware – Active IOCs

Severity

Medium

Analysis Summary

SmokeLoader is a popular bot and a veteran in its field. This piece of malware is used mainly for loading other malicious software, usually obtained from a third party. At the same time, it is capable of loading its own modules, allowing it to perform a variety of actions without the use of external components. The seller of SmokeLoader (known by the handle SmokeLdr) continues to offer this malware as a service to this day.

Impact

  • Exposure of sensitive information

Indicators of Compromise

MD5

  • 9ac51bd3c36f07d706504528344035fb
  • 04e1ac4533bfd2317f386be4b581d3b7
  • d4eef312585f42652333d0d421b7bfba
  • 8f06bea58f5c36198c02dd3900daa035
  • bbb504c57b721679c2ae53ae25fb773a
  • 8246216c48e892ee868d59b4ed7696c1
  • d7a9570e39d7d37c96c2aa839eac241c
  • 7ce28cefccb07e64fd18ee21112a06c9
  • 28f698c1d3344c7e481959c19e73d737
  • f976c1440227a83de660294311742e58

SHA-256

  • 0665a839880595b55d3478cf74893e0296de8bb38cf7ab5e0a4051512870a597
  • 35b0b4a5887946b4f94b5c10118d65aad30c96be602a4548742386d61018a7e2
  • 09cc51eaf0fce764ab0ae16c89f1924b12771cca6f2ca43427ef6764db908bf3
  • 427fb58726e2c9632bf9dedb78bc6492d96e2126280aace443d8b7ccd1c93297
  • 67b25623a202e220bce82666699ac9348f3b41231021f527215e809fcc808be9
  • abf7a071a5d74280b50575bc86c1476f6e56c72ea16825981ecb2612a49936fc
  • 0d813d816d0151221640d2288ec080d72eff292cc2da30a833a77112d3151799
  • b781e9c6ec2a0e5fc832648a87d09816aff4f0af70b0df558fd566a4aaff7e93
  • fafff6b6a2fd0bdbee1d87fb66bff69586ef1f5a61306dfc43c75b11950675fd
  • 079a9a1bd4a9b3bd523a22bdeba23525cf9a64e1e1741fb0e64758a9761205bd
  • a688c4973e78911bc4d1c7dccd1e9a85c07928d9e3b56c66a89c92b3c8110eb8
  • 289178ce39286795a96ec32d1e73e123417a015b3940e741f2e7509e39c0fc65

SHA-1

  • 251a0efd667e4efdc89151782bdc8ff83bec1ff0
  • 49a42d32e6f82f0f9e342e7927d91c999548b868
  • ef08f58a71c4d79e83e881654a04b6a23432de15
  • b7366caf81bda296093f0acae36edc4459f889f0
  • c74023b747e64d148c5a6d5a0a5c24446bd3f04c
  • 02b92b40a0d291eed370c39901032f45166dca51
  • 68613f933a78eac123bfe1e349e80545d24666ac
  • f1032eeba4ea17953471e6976ec8e1dcbb0fbeb3
  • 321f11722a427a78f88a1d37e7f971bcaf819a3a
  • 87b1d4c0cf7dee22d28465a9c649e3a8bb75d236

Remediation

  • Block all threat indicators at your respective controls
  • Keep your software patches updated
  • Exercise caution when receiving messages from unknown third parties
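One way to act on the first remediation item is to match file hashes against the indicators listed above. The script below is an added example, not a Rewterz tool: it parses indicators out of text in the alert's own bullet format (classifying each by digest length), hashes files, and reports any file whose MD5, SHA-1 or SHA-256 matches. The indicator values are copied from this alert; the file it scans at the bottom is a constructed benign sample, so the demo run reports no hits.

```python
"""Hash-based IoC matcher for the SmokeLoader indicators in the alert above (added example)."""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Set, Tuple

# Indicators copied from the alert, kept in the alert's own bullet layout so the
# parser below can be reused on future alerts in the same format.
ALERT_IOC_TEXT = """
MD5
  • 9ac51bd3c36f07d706504528344035fb
  • 04e1ac4533bfd2317f386be4b581d3b7
  • d4eef312585f42652333d0d421b7bfba
  • 8f06bea58f5c36198c02dd3900daa035
  • bbb504c57b721679c2ae53ae25fb773a
  • 8246216c48e892ee868d59b4ed7696c1
  • d7a9570e39d7d37c96c2aa839eac241c
  • 7ce28cefccb07e64fd18ee21112a06c9
  • 28f698c1d3344c7e481959c19e73d737
  • f976c1440227a83de660294311742e58
SHA-256
  • 0665a839880595b55d3478cf74893e0296de8bb38cf7ab5e0a4051512870a597
  • 35b0b4a5887946b4f94b5c10118d65aad30c96be602a4548742386d61018a7e2
  • 09cc51eaf0fce764ab0ae16c89f1924b12771cca6f2ca43427ef6764db908bf3
  • 427fb58726e2c9632bf9dedb78bc6492d96e2126280aace443d8b7ccd1c93297
  • 67b25623a202e220bce82666699ac9348f3b41231021f527215e809fcc808be9
  • abf7a071a5d74280b50575bc86c1476f6e56c72ea16825981ecb2612a49936fc
  • 0d813d816d0151221640d2288ec080d72eff292cc2da30a833a77112d3151799
  • b781e9c6ec2a0e5fc832648a87d09816aff4f0af70b0df558fd566a4aaff7e93
  • fafff6b6a2fd0bdbee1d87fb66bff69586ef1f5a61306dfc43c75b11950675fd
  • 079a9a1bd4a9b3bd523a22bdeba23525cf9a64e1e1741fb0e64758a9761205bd
  • a688c4973e78911bc4d1c7dccd1e9a85c07928d9e3b56c66a89c92b3c8110eb8
  • 289178ce39286795a96ec32d1e73e123417a015b3940e741f2e7509e39c0fc65
SHA-1
  • 251a0efd667e4efdc89151782bdc8ff83bec1ff0
  • 49a42d32e6f82f0f9e342e7927d91c999548b868
  • ef08f58a71c4d79e83e881654a04b6a23432de15
  • b7366caf81bda296093f0acae36edc4459f889f0
  • c74023b747e64d148c5a6d5a0a5c24446bd3f04c
  • 02b92b40a0d291eed370c39901032f45166dca51
  • 68613f933a78eac123bfe1e349e80545d24666ac
  • f1032eeba4ea17953471e6976ec8e1dcbb0fbeb3
  • 321f11722a427a78f88a1d37e7f971bcaf819a3a
  • 87b1d4c0cf7dee22d28465a9c649e3a8bb75d236
"""

HEX_RE = re.compile(r"^[0-9a-f]+$")
# Hex digest length identifies the algorithm: 32 -> MD5, 40 -> SHA-1, 64 -> SHA-256.
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}
ALGOS = ("md5", "sha1", "sha256")


def parse_iocs(text: str) -> Dict[str, Set[str]]:
    """Extract hash indicators from alert text; section headings and non-hex lines are ignored."""
    iocs: Dict[str, Set[str]] = {algo: set() for algo in ALGOS}
    for line in text.splitlines():
        token = line.strip().lstrip("•").strip().lower()
        algo = ALGO_BY_LENGTH.get(len(token))
        if algo and HEX_RE.match(token):
            iocs[algo].add(token)
    return iocs


def digests_of(data: bytes) -> Dict[str, str]:
    """Compute all three digests of a byte string so any indicator type can match."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def match_bytes(data: bytes, iocs: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Return (algorithm, digest) pairs for every indicator the data matches."""
    return [(algo, d) for algo, d in digests_of(data).items() if d in iocs[algo]]


def scan_paths(paths: Iterable[Path], iocs: Dict[str, Set[str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Hash each regular file and collect the ones that hit an indicator."""
    hits: Dict[str, List[Tuple[str, str]]] = {}
    for path in paths:
        if path.is_file():
            found = match_bytes(path.read_bytes(), iocs)
            if found:
                hits[str(path)] = found
    return hits


if __name__ == "__main__":
    iocs = parse_iocs(ALERT_IOC_TEXT)
    print({algo: len(values) for algo, values in iocs.items()})
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed benign file; it does not match any indicator.
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"constructed sample content, not a malware sample")
        print(scan_paths([sample], iocs))
```

Hash matching only catches the exact samples listed, so treat a hit as confirmation and a miss as no information; repacked SmokeLoader builds will have different digests, which is why the alert's patching and user-caution items still apply.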