SmokeLoader
Posted: July 10, 2018
Threat Metric
The following fields listed on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level is relative to the threat's consistently assessed behaviors, collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. Criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equals symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equals symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This shows the change over a 7-day period in the frequency of a malware threat infecting PCs. The percentage impact correlates directly with the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 13,645 |
| First Seen: | December 15, 2012 |
| Last Seen: | February 2, 2022 |
| OS(es) Affected: | Windows |
SmokeLoader is a Trojan downloader that may drop additional threats on your PC, including cryptocurrency-mining Trojans and spyware. Victims should assume that infection scenarios also include the potential leaking of their private data and backdoor access for remote attackers. Always allow a dedicated anti-malware product to assist with removing SmokeLoader and any other threatening software that it may drop onto your PC.
Seeing through the Haze of Recent SmokeLoader Campaigns
Trojan downloaders and droppers are some of the most flexible threats in the threatening software industry and include ones with highly-dedicated payloads, along with those using configurable or rental models. Some of the newest attacks built on SmokeLoader infections demonstrate this well: they show that the Trojan can occupy different positions in a chain of infections. However, the final step is always the installation of another threat with invasive features that may violate the user's privacy or hijack their PC's hardware.
Campaigns circulating SmokeLoader use both corrupted e-mail attachments and Web browser exploits to expose new victims to this threat. Depending on the nature of the attack, it may drop, or be dropped by, another threat, such as a banking Trojan like Trojan.TrickBot. Although SmokeLoader has a small file size, it includes generous downloading and plugin support for running additional software with compartmentalized attack features.
In some of the latest attacks, malware experts have confirmed the following threats as having associations with SmokeLoader, which may run them through disguised 'explorer.exe' processes:
- SmokeLoader can run XMRig, a cryptocurrency-mining application that generates the Monero currency. Miners may use excessive system resources, cause performance issues, and, in extreme circumstances, instigate hardware burnout.
- Trojan.TrickBot also is sometimes the result of a SmokeLoader infection, rather than the cause of it, and includes features for exfiltrating confidential online banking information.
- Additional modules may use various methods, such as hooking into other processes, for collecting highly-specialized types of data, ranging from Web-browsing cookies or the contents of the Windows Credential Manager to FTP and SMTP credentials. TeamViewer's remote desktop software, also, is a prominent target.
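The 'explorer.exe' disguise mentioned above gives defenders a concrete thing to look for. The following is an added example, not code from this page or from any vendor: two heuristics run over a constructed process listing (the record fields `pid`, `ppid`, `image` and `cmdline` and the sample paths are assumptions), flagging an explorer.exe that does not run from the Windows directory and any miner-like child of an explorer.exe, since XMRig is one of the payloads listed.

```python
"""Heuristics for disguised 'explorer.exe' processes, run over constructed sample data."""
import ntpath

# The only legitimate on-disk location of explorer.exe on a default install.
WINDOWS_EXPLORER = r"c:\windows\explorer.exe"

# Command-line fragments commonly seen with XMRig-style miners (used as a lead, not proof).
MINER_MARKERS = ("stratum+tcp://", "stratum+ssl://", "--donate-level", "xmrig")

# Constructed process listing (not real telemetry): the ProgramData path mirrors the
# drop location shown in this page's file list, the pool address is a placeholder.
PROCESSES = [
    {"pid": 1200, "ppid": 900,  "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 2456, "ppid": 1200, "image": r"C:\ProgramData\e77aae40\b30d7fb8\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 3100, "ppid": 2456, "image": r"C:\Users\Public\xmrig.exe",
     "cmdline": "xmrig.exe -o stratum+tcp://pool.example:3333 -u WALLET_PLACEHOLDER"},
    {"pid": 4000, "ppid": 1200, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]


def find_disguised_explorer(procs):
    """Return pids of processes named explorer.exe that do not run from the Windows directory."""
    hits = []
    for p in procs:
        image = p["image"].lower()
        if ntpath.basename(image) == "explorer.exe" and image != WINDOWS_EXPLORER:
            hits.append(p["pid"])
    return hits


def find_miner_children(procs):
    """Return pids of processes carrying miner markers whose parent is any explorer.exe."""
    by_pid = {p["pid"]: p for p in procs}
    hits = []
    for p in procs:
        parent = by_pid.get(p["ppid"])
        if parent is None or ntpath.basename(parent["image"].lower()) != "explorer.exe":
            continue
        text = (p["image"] + " " + p["cmdline"]).lower()
        if any(marker in text for marker in MINER_MARKERS):
            hits.append(p["pid"])
    return hits


if __name__ == "__main__":
    print("disguised explorer.exe:", find_disguised_explorer(PROCESSES))  # [2456]
    print("miner children of explorer.exe:", find_miner_children(PROCESSES))  # [3100]
```

Both checks are only leads: a legitimate explorer.exe can have many benign children, so the second heuristic matters mainly when it coincides with the first.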
Waving Off a Load of Software Smoke
Among the most recent distribution efforts for SmokeLoader, malware experts note corrupted Word documents and the RIG Exploit Kit as two of the primary infection vectors. Users should avoid enabling macros in unexpected e-mail-attached documents, which are a usual means of circulating various threats. Careful Web-browsing settings, such as disabling JavaScript or advertisements, also may keep EKs from running automatically. Exposure to a drive-by-download attempt can come from non-corrupted websites whose advertisements or other content threat actors are hijacking automatically, as well as from the usual dedicated corrupted domains (such as a fake software piracy website).
SmokeLoader's emphasis on downloading features makes it extremely likely that infections will include additional threats that this article may not outline. Cryptocurrency-mining software may or may not cause detectable symptoms or any long-term damage to the PC's hardware, but spyware-dedicated threats rarely show any symptomatic behavior. Users should protect their computers with active anti-malware solutions for deleting SmokeLoader preemptively, when possible, and re-secure their sensitive data by appropriate means, such as changing all passwords, afterward.
What size a Trojan is doesn't give much of an indication of how threatening it is to a computer. When countless threat actors are using the minuscule SmokeLoader for such variable purposes, predicting what it can do is more difficult than blocking off its attacks as early as is possible.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system. All four are executable files (Mime type: unknown/exe; group: Malware file):

| File name | Path | Size | MD5 | Detection count | Last Updated |
|---|---|---|---|---|---|
| file.exe | | 262.14 KB (262144 bytes) | a34ad9fadd373ce0f46b1c0497758577 | 82 | June 1, 2017 |
| file.exe | | 135.16 KB (135168 bytes) | 3b2ac28bad7dc336ec67851099a86221 | 54 | March 31, 2017 |
| atx222.exe | c:\programdata\e77aae40\b30d7fb8 | 960.51 KB (960512 bytes) | 7a2323d5dac16e3063b6c53d5dc51ab4 | 16 | August 24, 2019 |
| file.exe | | 208.89 KB (208896 bytes) | 95394ac344aef9adb66e4d2ec662df03 | 2 | June 4, 2017 |
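The file details above can be turned into a simple inventory check. The following is an added example, not code from this page or from any vendor: it matches file records against the four MD5 values and sizes listed on this page, and generalizes the single listed drop path into a pattern for an executable under a two-level hex-named ProgramData directory (that pattern, the record layout `(path, size, md5)` and the sample inventory are assumptions).

```python
"""Match a file inventory against the SmokeLoader file indicators listed on this page."""
import hashlib
import re

# MD5 values and byte sizes taken from the file list above.
KNOWN_MD5 = {
    "a34ad9fadd373ce0f46b1c0497758577": 262144,
    "3b2ac28bad7dc336ec67851099a86221": 135168,
    "7a2323d5dac16e3063b6c53d5dc51ab4": 960512,
    "95394ac344aef9adb66e4d2ec662df03": 208896,
}

# Assumption: the two-level hex directory naming in c:\programdata\e77aae40\b30d7fb8 recurs
# across drops. Only one such path appears on the page, so a match here is a lead, not a verdict.
DROP_PATH = re.compile(r"^c:\\programdata\\[0-9a-f]{8}\\[0-9a-f]{8}\\[^\\]+\.exe$", re.IGNORECASE)


def md5_hex(data: bytes) -> str:
    """MD5 of a file's bytes, used only to compare against the published indicators."""
    return hashlib.md5(data).hexdigest()


def match_iocs(records):
    """records: iterable of (path, size_in_bytes, md5_hex). Returns [(path, reason), ...]."""
    hits = []
    for path, size, md5 in records:
        md5 = md5.lower()
        if md5 in KNOWN_MD5:
            reason = "known md5"
            if KNOWN_MD5[md5] != size:
                reason += " (size mismatch, verify how the hash was taken)"
            hits.append((path, reason))
        elif DROP_PATH.match(path):
            hits.append((path, "executable in SmokeLoader-style ProgramData drop path"))
    return hits


# Constructed inventory: one page-listed hash, one path-only suspect, one benign file.
BENIGN = b"MZ" + b"\x00" * 30  # constructed stand-in for a legitimate binary's bytes
SAMPLE_RECORDS = [
    (r"C:\ProgramData\e77aae40\b30d7fb8\atx222.exe", 960512, "7a2323d5dac16e3063b6c53d5dc51ab4"),
    (r"C:\ProgramData\1f2e3d4c\5b6a7988\svc.exe", 4096, md5_hex(b"constructed unknown payload")),
    (r"C:\Program Files\Vendor\app.exe", len(BENIGN), md5_hex(BENIGN)),
]

if __name__ == "__main__":
    for path, reason in match_iocs(SAMPLE_RECORDS):
        print(f"{path}: {reason}")
```

Hash matches only catch the exact builds listed here; the path pattern is what gives coverage against repacked samples, at the cost of needing manual review of anything it flags.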