The PhishLabs Blog

Smoke Loader Adds Additional Obfuscation Methods to Mitigate Analysis

Posted by Jason Davison, Threat Analyst on Aug 4, '17

Sample Analyzed:
415a75cd01a4b00385c974b59bbbd3e5211a985bf2560d7639d464fd5a56e9e6

Smoke Loader, also known as Dofoil, has been advertised on dark web forums since at least mid 2011.[1] Since its initial release, this modular loader has continued to evolve with the addition of more complex anti-analysis techniques. Modular loaders such as this one work by communicating with their command and control infrastructure to receive secondary execution instructions and/or to download additional functional modules, providing multiple stages of infection. Currently, Smoke Loader’s primary delivery method is via exploit kits, primarily Rig EK. Smoke Loader is commonly used to load the Trickbot banking Trojan and Globe Imposter ransomware.


Topics: Malware, Smoke Loader
