Rewterz Threat Alert – CryptBot Trojan – Active IOCs
August 20, 2021
Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. This malware is used mainly for loading other malicious software, usually obtained from a third party. It can also load its own modules, allowing it to conduct a variety of actions without external components. The seller of Smokeloader (known by the handle SmokeLdr) remains active in providing this malware as a service to this date.
Impact
- Exposure of Sensitive Data
- Information Theft
Indicators of Compromise
Remediation
- Exercise caution when receiving messages from unknown senders.
- Block all threat indicators at your respective controls.
- Keep your software updated to the latest patches.
- Search for IOCs in your respective controls.