June 15, 2021
Severity
Medium
Analysis Summary
Smokeloader is a widely used and long-established bot. Its primary role is to load other malicious software, usually supplied by a third party that pays for installs, but it can also load its own modules, which lets it carry out a range of actions without relying on external components. The seller of Smokeloader, known by the handle SmokeLdr, continues to offer it as a malware-as-a-service to this day.
Impact
- Exposure of sensitive information
Indicators of Compromise
MD5
- 9ac51bd3c36f07d706504528344035fb
- 04e1ac4533bfd2317f386be4b581d3b7
- d4eef312585f42652333d0d421b7bfba
- 8f06bea58f5c36198c02dd3900daa035
- bbb504c57b721679c2ae53ae25fb773a
- 8246216c48e892ee868d59b4ed7696c1
- d7a9570e39d7d37c96c2aa839eac241c
- 7ce28cefccb07e64fd18ee21112a06c9
- 28f698c1d3344c7e481959c19e73d737
- f976c1440227a83de660294311742e58
SHA-256
- 0665a839880595b55d3478cf74893e0296de8bb38cf7ab5e0a4051512870a597
- 35b0b4a5887946b4f94b5c10118d65aad30c96be602a4548742386d61018a7e2
- 09cc51eaf0fce764ab0ae16c89f1924b12771cca6f2ca43427ef6764db908bf3
- 427fb58726e2c9632bf9dedb78bc6492d96e2126280aace443d8b7ccd1c93297
- 67b25623a202e220bce82666699ac9348f3b41231021f527215e809fcc808be9
- abf7a071a5d74280b50575bc86c1476f6e56c72ea16825981ecb2612a49936fc
- 0d813d816d0151221640d2288ec080d72eff292cc2da30a833a77112d3151799
- b781e9c6ec2a0e5fc832648a87d09816aff4f0af70b0df558fd566a4aaff7e93
- fafff6b6a2fd0bdbee1d87fb66bff69586ef1f5a61306dfc43c75b11950675fd
- 079a9a1bd4a9b3bd523a22bdeba23525cf9a64e1e1741fb0e64758a9761205bd
- a688c4973e78911bc4d1c7dccd1e9a85c07928d9e3b56c66a89c92b3c8110eb8
- 289178ce39286795a96ec32d1e73e123417a015b3940e741f2e7509e39c0fc65
SHA-1
- 251a0efd667e4efdc89151782bdc8ff83bec1ff0
- 49a42d32e6f82f0f9e342e7927d91c999548b868
- ef08f58a71c4d79e83e881654a04b6a23432de15
- b7366caf81bda296093f0acae36edc4459f889f0
- c74023b747e64d148c5a6d5a0a5c24446bd3f04c
- 02b92b40a0d291eed370c39901032f45166dca51
- 68613f933a78eac123bfe1e349e80545d24666ac
- f1032eeba4ea17953471e6976ec8e1dcbb0fbeb3
- 321f11722a427a78f88a1d37e7f971bcaf819a3a
- 87b1d4c0cf7dee22d28465a9c649e3a8bb75d236
Remediation
- Block the threat indicators listed above at your respective security controls
- Keep software patched and up to date
- Exercise caution with messages and attachments received from unknown third parties
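As an added example (not part of the Rewterz alert), the Python script below embeds the hashes listed above, sanity-checks that each indicator is well-formed hex of the right length for its algorithm, and then hashes every file under a directory in a single pass to report matches. Loading the indicators from a hard-coded set and the directory passed on the command line are assumptions for the illustration; a real deployment would typically pull the list from a feed.

```python
import hashlib
import sys
from pathlib import Path

# Indicators copied from the alert above, normalised to lowercase hex.
# Hard-coding them here is an assumption for the example; real deployments
# usually load indicators from a feed or a blocklist rather than from source.
MD5_IOCS = {
    "9ac51bd3c36f07d706504528344035fb", "04e1ac4533bfd2317f386be4b581d3b7",
    "d4eef312585f42652333d0d421b7bfba", "8f06bea58f5c36198c02dd3900daa035",
    "bbb504c57b721679c2ae53ae25fb773a", "8246216c48e892ee868d59b4ed7696c1",
    "d7a9570e39d7d37c96c2aa839eac241c", "7ce28cefccb07e64fd18ee21112a06c9",
    "28f698c1d3344c7e481959c19e73d737", "f976c1440227a83de660294311742e58",
}
SHA256_IOCS = {
    "0665a839880595b55d3478cf74893e0296de8bb38cf7ab5e0a4051512870a597",
    "35b0b4a5887946b4f94b5c10118d65aad30c96be602a4548742386d61018a7e2",
    "09cc51eaf0fce764ab0ae16c89f1924b12771cca6f2ca43427ef6764db908bf3",
    "427fb58726e2c9632bf9dedb78bc6492d96e2126280aace443d8b7ccd1c93297",
    "67b25623a202e220bce82666699ac9348f3b41231021f527215e809fcc808be9",
    "abf7a071a5d74280b50575bc86c1476f6e56c72ea16825981ecb2612a49936fc",
    "0d813d816d0151221640d2288ec080d72eff292cc2da30a833a77112d3151799",
    "b781e9c6ec2a0e5fc832648a87d09816aff4f0af70b0df558fd566a4aaff7e93",
    "fafff6b6a2fd0bdbee1d87fb66bff69586ef1f5a61306dfc43c75b11950675fd",
    "079a9a1bd4a9b3bd523a22bdeba23525cf9a64e1e1741fb0e64758a9761205bd",
    "a688c4973e78911bc4d1c7dccd1e9a85c07928d9e3b56c66a89c92b3c8110eb8",
    "289178ce39286795a96ec32d1e73e123417a015b3940e741f2e7509e39c0fc65",
}
SHA1_IOCS = {
    "251a0efd667e4efdc89151782bdc8ff83bec1ff0", "49a42d32e6f82f0f9e342e7927d91c999548b868",
    "ef08f58a71c4d79e83e881654a04b6a23432de15", "b7366caf81bda296093f0acae36edc4459f889f0",
    "c74023b747e64d148c5a6d5a0a5c24446bd3f04c", "02b92b40a0d291eed370c39901032f45166dca51",
    "68613f933a78eac123bfe1e349e80545d24666ac", "f1032eeba4ea17953471e6976ec8e1dcbb0fbeb3",
    "321f11722a427a78f88a1d37e7f971bcaf819a3a", "87b1d4c0cf7dee22d28465a9c649e3a8bb75d236",
}
IOC_SETS = {"md5": MD5_IOCS, "sha1": SHA1_IOCS, "sha256": SHA256_IOCS}
EXPECTED_LENGTH = {"md5": 32, "sha1": 40, "sha256": 64}


def check_ioc_format(ioc_sets=IOC_SETS):
    """Return (algorithm, indicator) pairs that are not hex of the right length.

    A truncated or padded digest pushed to a blocklist would silently never
    match, so catch copy/paste damage before the list is deployed.
    """
    hexdigits = set("0123456789abcdef")
    return [
        (name, ioc)
        for name, iocs in ioc_sets.items()
        for ioc in iocs
        if len(ioc) != EXPECTED_LENGTH[name] or not set(ioc) <= hexdigits
    ]


def _digest_chunks(chunks):
    """Feed each chunk to MD5, SHA-1 and SHA-256 so the data is read only once."""
    hashers = {name: hashlib.new(name) for name in IOC_SETS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory blob (e.g. an attachment pulled from a mail queue)."""
    return _digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file on disk, streamed in 1 MiB chunks to bound memory use."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests, ioc_sets=IOC_SETS):
    """Return the (algorithm, digest) pairs present in the indicator sets.

    Input digests are lowercased so uppercase output from other tools still matches.
    """
    return [
        (name, digests[name].lower())
        for name in ioc_sets
        if name in digests and digests[name].lower() in ioc_sets[name]
    ]


def scan_directory(root, ioc_sets=IOC_SETS):
    """Hash every regular file under root and map matching paths to their hits."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matched = match_iocs(hash_file(path), ioc_sets)
        except OSError:
            continue  # unreadable or vanished file: skip it rather than abort the scan
        if matched:
            hits[str(path)] = matched
    return hits


if __name__ == "__main__":
    malformed = check_ioc_format()
    if malformed:
        sys.exit(f"malformed indicators, fix before deploying: {malformed}")
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for file_path, matched in scan_directory(target).items():
        for algo, digest in matched:
            print(f"MATCH {file_path} {algo}={digest}")
```

Run it as `python scan_iocs.py /path/to/quarantine` (file name is an assumption). A hash match is strong evidence of a known sample, but the absence of a match proves nothing: Smokeloader builds are repacked and obfuscated frequently, so any change to the dropper produces a fresh set of digests. Treat these indicators as a point-in-time detection and pair them with behavioural detection on the loader activity the alert describes.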