Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
September 21, 2021
Rewterz Threat Advisory – Multiple VMware vCenter Vulnerabilities
September 22, 2021
Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. It is used mainly for loading other malicious software, usually obtained from a third party. It can also load its own modules, which lets it conduct a variety of actions without external components. The seller of Smokeloader (known by the handle SmokeLdr) remains active in providing this malware as a service to this date.
Impact
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
SHA-256
SHA-1
Remediation
- Exercise caution when receiving messages from unknown senders.
- Block all threat indicators at your respective controls.
- Keep your software updated to the latest patches.
- Search for IOCs in your environment.