March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
September 2, 2021
Rewterz Threat Advisory – Multiple Adobe Security Vulnerabilities
September 2, 2021
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
September 2, 2021
Rewterz Threat Advisory – Multiple Adobe Security Vulnerabilities
September 2, 2021
Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field, this piece of malware is used mainly for loading other malicious software, usually obtained from a third party. At the same time, it has the capability of loading its own modules, allowing it to conduct a variety of actions without the usage of external components. The seller of Smokeloader (which is known by the handle SmokeLdr) is active in providing this malware as a service to this date.
Impact
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 169974405a4a307f5fdc567be052fe1c
- 2267a04525aa70c24188024aa1bc97fb
- 64eb03c90532e94b704cdf9e1adacdd2
- a0ff9feca6c833232a373bfa87a12fe4
- 8b7bcda0a8a9cb560199ddd14e990b29
- 78c4cd34c18ff8f47d45154e00c051ea
- 5e20b0310b3c881eaeda937ef5984df5
- fb19e596c303402d24e61e734b0243b2
- 7b9b0197f1ed02fd7830a7e588a1c7a4
- 57506c6106f4c4e9b795d68f247a7bf0
- 3303b0c75753ea25cf206b81ad24816b
- 00f5a6c2a949d8b76658de1824f2bd33
- 64a9363619a7f89264d8c5b0239e557e
- b5491eb6f1b1189534db9aa4c4534915
- abea1f518f0b3957a1755eae02698ca3
- 7b1e08adae5f1373c4b845a09982d0a3
SHA-256
- 243ee6967be83b8324bd892ccfbc21ab1e005ab4a9174b37c8fc4ba1421ebfae
- 729556d6544403608fec7624c811c16dd99d8bc531a1271d5c3010335f552eb5
- 0fc23c2e005cdfed1a0380dd7a06dda83b882f8d392c7f157b783822d21d78a1
- d099248216fb527efe12e91d1fb1816e39f94578dd5865af3767f7e01f62a804
- 0df566c7b904cbd86fccc39da9847d04ebac7e9674962657b9733c46b691b357
- 9ca5a6f567923b56d1c6a548f363d3b8867f987fd3d07187023a5fd4eb6fb970
- 12f2464bd2766a5b9d12729ee49c35477a36a81ecc8c57bced113368371a637c
- 1d429c59f58e2c07f5164eff132eb6ccaf916c6188309458322a28048a7b3df9
- 376c4d62f6922dfcfb27c519f56d39ffbffbb82666cb2e4c96578aa1e6321523
- 11577fc5b67317c24be99806ce1d5a41b5eac4dc96d1eb23983e1bbea2d003e4
- 20aa3c2a16c3177eba7e04fd0ee0960f8fca642d8a418c14159da5572b1942a9
- 2c4f512caedb6980b42f73b3062d3571d41d233fd173379a3ad158f97f8f473c
- 758f3cefec9a059f0933e897bc0c628fe2b7b56f670e95093225b706d18b928a
- 1b9d29f4887cb5ec2f7980f3b51fccf0eb699bf81361b31342e9a895cc362c8d
- e651a40b14c10f0c8ba9c4fb3cd648a04cad7f226e4a0a25664135e0ce5f4b52
SHA-1
- b854e79e6978758fbd3d601008db33aa437141df
- a281bb18afa1262e674d086ab59c133b1f6100ad
- a7e57538140ff4f4ad9e0239644a282e27e81b87
- 71e2a1d7d518bc9fc6b99522fe87d1f77f5a6aea
- 28b4badfa8544a4b76f3bc33433978f6ccb3a7d6
- 169a8083e00168c02425dae25ff12feae9facde9
- 1b3888ac8ffc0538431711aae5268db323a1b95f
- 2d91eb23914003dce947a156f57ccb93650e500c
- 732474ad1ee1a9c533d18f02e8dec4e1256a74e1
- 937d9694d68082c8d12fc0d31965514c881e2eab
- 7d0cc5d5cf15557ea2d48674d0619a907f078f73
- 98343e79c11afe8a27a4d1072938a6a19b16bdae
- 19799e326bded5eb3674c3bdc2e55580c537fe38
- b3130e09832595c47cfb06a883388fabdd5bc488
- 4838a531872de3ed82dc9e191c9a582fb5ea530c
Remediation
- Exercise caution when receiving messages from unknown senders.
- Block all threat indicators at your respective controls.
- Keep your software updated to the latest patches.
- Search for IOCs in your environment.