Rewterz Threat Alert – Phobos Ransomware – Active IOCs
June 25, 2021
Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
June 25, 2021
Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. It is used mainly for loading other malicious software, usually obtained from a third party. It can also load its own modules, which lets it carry out a variety of actions without external components. The seller of Smokeloader (known by the handle SmokeLdr) is still actively providing this malware as a service.
Impact
- Exposure of sensitive information
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls
- Keep your software patches updated
- Exercise caution when receiving messages from unknown third parties