Rewterz Threat Alert – SmokeLoader Malware – Active IOCs

Severity

Medium

Analysis Summary

Smokeloader is a popular bot and a veteran in its field, this piece of malware is used mainly for loading other malicious software, usually obtained from a third party. At the same time, it has the capability of loading its own modules, allowing it to conduct a variety of actions without the usage of external components. The seller of Smokeloader (which is known by the handle SmokeLdr) is active in providing this malware as a service to this date.

Impact

• Information Theft
• Exposure of Sensitive Data

Indicators of Compromise

MD5

• 1dddcf60e86ce03c9d9c0041af67956f
• 5bf35fe0a754d03428ce517a453929fd
• 9a518d10065bc50f82a46ad5bbaecba8
• ae0c81e67caea27ab164697a6e82c4fe
• 5b8639f453da7c204942d918b40181de
• 1a280feb9ab6b8f0d264fbdfcade9325
• a6b572db00b94224d6637341961654cb
• 5f6f8e5a5e6ba53f8f785b575573451d

SHA-256

• 4fb40061609dc9158dbde8f462dee62ea1901fed66524580d41264edd483bed7
• f7f5246ecc2ad4cbab3627215ac60db3b098fd2cd9e575fd26cdc23a78fea77e
• 2ddf200c0af9f8b1e6626e6958b495e6631f790806b2a2bd0892deddc2370e05
• 0ee36078c94b22714e3e44b355e5e129e63bff8df02f0df13a2b1ff207f0f5f5
• d9008ee980c17de8330444223b212f1b6a441f217753471c76f5f6ed5857a7d6
• 0dba3fe5275b6a17b44b07baf6f717f908776000ddf62098c712ef89a577f12a
• 91ef165ad61d09dfda345f827b8ff78a18a3e40d8e12454cdb494d1555af7656
• 6f8a7657b62f79b148d6b930641ef70eb0d8bc909377439819a0db601ca1c0d8

SHA-1

• 915ee358e3edc75d8d368dfd14f2737590447159
• 8030c3749be83767de06a36999c018105b1bdc4f
• ac4cc71fa8b1218abc34231330b3f58d845c39a9
• 7478f88ae345623eb67792b9ea719e0ec6480bbf
• 2daed225238a9b1fe2359133e6d8e7e85e7d6995
• 669a25d48aa0cc91abeb37f08ae012defeb3fc20
• 9f0dbcce0496fede379ce4ecbfc2aa2afbb8ee8c
• 97b99adefc3ecca6be60c882b563853091f586ef

Remediation

• Exercise caution when receiving messages from unknown senders.
• Block all threat indicators at your respective controls.
• Keep your software updated to the latest patches.
• Search for IOCs in your environment.