SmokeBuster Tool

Nov. 5, 2024, 10:03 a.m.

Description

ThreatLabz has developed SmokeBuster, a tool to detect, analyze, and remove SmokeLoader malware from infected systems. Despite Operation Endgame's disruption in May 2024, SmokeLoader continues to be used by threat groups. SmokeBuster supports various SmokeLoader versions and Windows systems, offering features like uninstallation, thread control, and memory manipulation. The tool revealed bugs in recent SmokeLoader versions that significantly degrade system performance. These flaws stem from the malware's persistence implementation, its infection checks, and inadequate thread and memory cleanup. The bugs cause repeated injections and thread creation, leading to system slowdown over time. SmokeBuster's capabilities may accelerate SmokeLoader's decline, especially given its performance-degrading flaws.

Date

Published: Oct. 31, 2024, 9:16 p.m.

Created: Oct. 31, 2024, 9:16 p.m.

Modified: Nov. 5, 2024, 10:03 a.m.

Attack Patterns

Dofoil

Smoke Loader - S0226

SmokeLoader

T1497

T1574

T1547

T1543

T1055

T1036

T1027

T1053

T1112

T1059