Rewterz Threat Alert – Dark Crystal RAT – Active IOCs
December 6, 2021
Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. Its primary role is to load other malicious software, usually payloads supplied by a third party, onto an infected host. At the same time, it can load its own modules, which lets it carry out a variety of actions without relying on external components. The seller of Smokeloader, known by the handle SmokeLdr, continues to offer this malware as a service to this day.
Impact
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 9cbeaec69e8a689be6f44233e904f974
- 7c71fc6f5f0d363bc69f05b1a5dabb1a
- afaa0a1d412eb3e4f9d65aaf38b5a854
- 19b07bfa4ba4cffba03dff47a9efdf36
- 5ed0d138e3d441f0e9b2af4edd83589d
- f5505eb7c39ad86f08d792639777e52e
- 160e7dec4af3bb447093f15c275c04a0
SHA-256
- 5fc28b6277bc34e758ec1d047cccdb13b7d5358e0ae4d34249f7b017312ee307
- def1513f311912ff63f0c478e2b3533223008c89730bf360189a76c7088c9126
- 0a1843c1744835bbc1a8824d4e7000f44016f374e5f6826ad996d5eaa5098a98
- 79c00db1607b8f07618ee3f90f5c4e160c7de05bce6380a7de83171e2eac11d4
- 9f3dec0a7c87752adf73a31d927609a05570f72799d243d82978dc4428d3ecbd
- 758c13d826f252d3bf62db08900519f34bca0ffebf4c8ef0d86a1f624e967021
- 6884fa613525c3d557cffef160c272b7479656b6d34ef00a527504758274ccaa
SHA-1
- e6d5033925172117cb58da906effaf725436d732
- 37ba611c4a7471898768dada4d7bf75f14eab20f
- d241b8bf5ba6073f7e018f04d9c6a834a4e0d92d
- 0629443d410c7ef3cdec3528c257022f4700d062
- 87784eac3cccf102ba106a121a3ee322b462fc4d
- dc33ae95ffc6019a9fb2a08fb95293a29ecf2465
- dcd81053eedef3cddeae6a356336483eb4e53b7d
Remediation
- Exercise caution with messages and attachments received from unknown senders.
- Block all of the listed threat indicators at your respective controls.
- Keep your software updated with the latest patches.
- Search your environment for the listed IOCs.
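The hash sweep implied by the last remediation item, written out as an added example that is not part of the Rewterz alert. It embeds the MD5, SHA-1 and SHA-256 indicators listed above, streams every regular file under a directory through all three digests in a single read, and reports any file whose digest appears in one of the sets. The `demo()` function builds a temporary directory with constructed sample files (not real malware) and a constructed IOC set so the code can be run offline; the directory layout, file names and sample bytes are assumptions for illustration only.

```python
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# Indicators copied from the alert above (lowercase hex).
MD5_IOCS = {
    "9cbeaec69e8a689be6f44233e904f974", "7c71fc6f5f0d363bc69f05b1a5dabb1a",
    "afaa0a1d412eb3e4f9d65aaf38b5a854", "19b07bfa4ba4cffba03dff47a9efdf36",
    "5ed0d138e3d441f0e9b2af4edd83589d", "f5505eb7c39ad86f08d792639777e52e",
    "160e7dec4af3bb447093f15c275c04a0",
}
SHA1_IOCS = {
    "e6d5033925172117cb58da906effaf725436d732", "37ba611c4a7471898768dada4d7bf75f14eab20f",
    "d241b8bf5ba6073f7e018f04d9c6a834a4e0d92d", "0629443d410c7ef3cdec3528c257022f4700d062",
    "87784eac3cccf102ba106a121a3ee322b462fc4d", "dc33ae95ffc6019a9fb2a08fb95293a29ecf2465",
    "dcd81053eedef3cddeae6a356336483eb4e53b7d",
}
SHA256_IOCS = {
    "5fc28b6277bc34e758ec1d047cccdb13b7d5358e0ae4d34249f7b017312ee307",
    "def1513f311912ff63f0c478e2b3533223008c89730bf360189a76c7088c9126",
    "0a1843c1744835bbc1a8824d4e7000f44016f374e5f6826ad996d5eaa5098a98",
    "79c00db1607b8f07618ee3f90f5c4e160c7de05bce6380a7de83171e2eac11d4",
    "9f3dec0a7c87752adf73a31d927609a05570f72799d243d82978dc4428d3ecbd",
    "758c13d826f252d3bf62db08900519f34bca0ffebf4c8ef0d86a1f624e967021",
    "6884fa613525c3d557cffef160c272b7479656b6d34ef00a527504758274ccaa",
}


def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests of a file, reading it only once."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def sweep(root, md5_iocs=MD5_IOCS, sha1_iocs=SHA1_IOCS, sha256_iocs=SHA256_IOCS):
    """Walk `root` and return a list of (path, algorithm, digest) for every
    regular file whose digest matches one of the indicator sets.
    Symlinks are skipped and unreadable files are ignored rather than aborting."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                md5, sha1, sha256 = hash_file(path)
            except OSError:
                continue
            for algo, digest, iocs in (("MD5", md5, md5_iocs),
                                       ("SHA-1", sha1, sha1_iocs),
                                       ("SHA-256", sha256, sha256_iocs)):
                if digest in iocs:
                    hits.append((path, algo, digest))
    return hits


def demo():
    """Constructed demonstration: one benign file and one file whose SHA-256 is
    placed in a constructed IOC set, so the sweep produces exactly one hit.
    Returns hits with the directory stripped so the result is deterministic."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "notes.txt").write_bytes(b"nothing to see here")  # constructed
        sample = Path(root) / "dropper.exe"                               # constructed name
        sample.write_bytes(b"constructed sample, not real malware")      # constructed bytes
        constructed_sha256 = {hashlib.sha256(sample.read_bytes()).hexdigest()}
        hits = sweep(root, set(), set(), constructed_sha256)
        return [(os.path.basename(p), algo, d) for p, algo, d in hits]


if __name__ == "__main__":
    # Usage: python ioc_sweep.py <directory>   (defaults to the constructed demo)
    if len(sys.argv) > 1:
        for path, algo, digest in sweep(sys.argv[1]):
            print(f"HIT {algo} {digest} {path}")
    else:
        print(demo())
```

Matching on file hashes only catches the exact samples listed; a repacked or recompiled build of the same loader will not match, so treat a clean sweep as absence of these specific files rather than absence of the threat, and pair it with the other controls above.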