Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field, this piece of malware is used mainly for loading other malicious software, usually obtained from a third party. At the same time, it has the capability of loading its own modules, allowing it to conduct a variety of actions without the usage of external components. The seller of Smokeloader (which is known by the handle SmokeLdr) is active in providing this malware as a service to this date.
Impact
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- c4a7b64813c8e57198670a76afb73996
- ac381ed9d515babae30176a7daa1bb69
- 077496cb42014387e8781c100aab4b72
- 05979f1e7a741bfb32af8dde6b0d53a7
- 3c38f1e28de260162c04f495fb356acf
- afb53ed8919416e84de41add492e5e45
- b2bc458f777667b1da92ce555ebca20e
- e05d095389ccbb405fd16f49f3c69bb0
SHA-256
- 538d3533398c3f0adbd59483ced973cf35803de5e9356e8dafb5f6bea4049a30
- 1ef493ded6ef9a2510a901032b9f2f0fd5e13143e2a57542c6fe656efd946332
- 9ed81a80ff7b51eed1be9022a43e2cf6dcd6c6c74dbbda497deacdf627e20587
- e35984a57082baaa547ef6229bd1a3143510f041323f73a4d1ce001edb1f9a30
- 546999c44230a0d1ac480138772713b91c31662edd30c286ab8f8bd35baba2fe
- 3fdf21f7ad2430c552a8dc34c6fbaf82d95a0f44b9a7bd514d89ad3d074d345f
- 2366fbd5724e9da7e42dcf3a2ca9a6d72940fb02f50520e9333a6007543d133c
- 92ba8383ed7118beeb3c5a8ee0656c7437cdf8658bcc62342dfe41a3a08a8595
SHA-1
- f531e572031911cbb5b8d5c5c69def2c6e085223
- ef26c60086ec2bd508f7e499d5abfb6637d753bd
- 12d472f3382b8601ac64f056f3624682a1ed22ba
- 46eff608f9245eac91918adca566666155496da0
- 95175ca5d82b1cf9fc9378775b4092985c6ae2a3
- bd3ab93a28c9229018c3e80998ae30c6a1463416
- 9852841a0c18d629f32fcb8aee8064be101523cb
- c13a7446bb233901a5f0d04161723fadb310f9f8
Remediation
- Exercise caution when receiving messages from unknown senders.
- Block all threat indicators at your respective controls.
- Keep your software updated to the latest patches.
- Search for IOCs in your environment.