Rewterz Threat Alert – SmokeLoader Malware – Active IOCs

Severity

Medium

Analysis Summary

Smokeloader is a popular bot and a veteran in its field, this piece of malware is used mainly for loading other malicious software, usually obtained from a third party. At the same time, it has the capability of loading its own modules, allowing it to conduct a variety of actions without the usage of external components. The seller of Smokeloader (which is known by the handle SmokeLdr) is active in providing this malware as a service to this date.

Impact

• Information Theft
• Exposure of Sensitive Data

Indicators of Compromise

MD5

• 9cbeaec69e8a689be6f44233e904f974
• 7c71fc6f5f0d363bc69f05b1a5dabb1a
• afaa0a1d412eb3e4f9d65aaf38b5a854
• 19b07bfa4ba4cffba03dff47a9efdf36
• 5ed0d138e3d441f0e9b2af4edd83589d
• f5505eb7c39ad86f08d792639777e52e
• 160e7dec4af3bb447093f15c275c04a0

SHA-256

• 5fc28b6277bc34e758ec1d047cccdb13b7d5358e0ae4d34249f7b017312ee307
• def1513f311912ff63f0c478e2b3533223008c89730bf360189a76c7088c9126
• 0a1843c1744835bbc1a8824d4e7000f44016f374e5f6826ad996d5eaa5098a98
• 79c00db1607b8f07618ee3f90f5c4e160c7de05bce6380a7de83171e2eac11d4
• 9f3dec0a7c87752adf73a31d927609a05570f72799d243d82978dc4428d3ecbd
• 758c13d826f252d3bf62db08900519f34bca0ffebf4c8ef0d86a1f624e967021
• 6884fa613525c3d557cffef160c272b7479656b6d34ef00a527504758274ccaa

SHA-1

• e6d5033925172117cb58da906effaf725436d732
• 37ba611c4a7471898768dada4d7bf75f14eab20f
• d241b8bf5ba6073f7e018f04d9c6a834a4e0d92d
• 0629443d410c7ef3cdec3528c257022f4700d062
• 87784eac3cccf102ba106a121a3ee322b462fc4d
• dc33ae95ffc6019a9fb2a08fb95293a29ecf2465
• dcd81053eedef3cddeae6a356336483eb4e53b7d

Remediation

• Exercise caution when receiving messages from unknown senders.
• Block all threat indicators at your respective controls.
• Keep your software updated to the latest patches.
• Search for IOCs in your environment.