Rewterz Threat Alert – DanaBot Trojan – Active IOCs
August 17, 2021
Rewterz Threat Alert – NetWire RAT Malware – Active IOCs
August 17, 2021
Severity
High
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. This malware is used mainly for loading other malicious software, usually obtained from a third party. It can also load its own modules, which lets it conduct a variety of actions without external components. The seller of Smokeloader (known by the handle SmokeLdr) is still actively providing this malware as a service.
Impact
- Exposure of Sensitive Data
- Information Theft
Indicators of Compromise
MD5
SHA-256
SHA-1
Remediation
- Exercise caution when receiving messages from unknown senders.
- Block all threat indicators at your respective controls.
- Keep your software updated with the latest patches.
- Search for IOCs in your respective controls.