June 9, 2021
Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. It is used mainly for loading other malicious software, usually obtained from a third party. It can also load its own modules, which lets it carry out a variety of actions without external components. The seller of Smokeloader (known by the handle SmokeLdr) is still active in providing this malware as a service.
Impact
- Exposure of sensitive information
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls
- Keep your software patched and up to date
- Exercise caution when receiving messages from unknown third parties