Rewterz Threat Alert – NJRAT – Active IOCs
September 30, 2021
Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. It is used mainly for loading other malicious software, usually obtained from a third party. It can also load its own modules, which lets it conduct a variety of actions without external components. The seller of Smokeloader (known by the handle SmokeLdr) remains active in providing this malware as a service to this date.
Impact
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Exercise caution when receiving messages from unknown senders.
- Block all threat indicators at your respective controls.
- Keep your software updated to the latest patches.
- Search for IOCs in your environment.