Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. This malware is used mainly for loading other malicious software, usually obtained from a third party. It can also load its own modules, allowing it to conduct a variety of actions without the use of external components. The seller of Smokeloader (known by the handle SmokeLdr) is active in providing this malware as a service to this date.
Impact
- Exposure of sensitive information
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls
- Keep your software patches updated
- Exercise caution when receiving messages from unknown third parties