SmokeBuster Tool
Nov. 5, 2024, 10:03 a.m.
Description
ThreatLabz has developed SmokeBuster, a tool to detect, analyze, and remove SmokeLoader malware from infected systems. Despite Operation Endgame's disruption in May 2024, SmokeLoader continues to be used by threat groups. SmokeBuster supports various SmokeLoader versions and Windows systems, offering features like uninstallation, thread control, and memory manipulation. The tool revealed bugs in recent SmokeLoader versions that significantly degrade system performance. These flaws stem from persistence implementation, infection checks, and inadequate thread and memory cleanup. The bugs cause repeated injections and thread creation, leading to system slowdown over time. SmokeBuster's capabilities may accelerate SmokeLoader's decline, especially given its performance-degrading flaws.
Date
Published: Oct. 31, 2024, 9:16 p.m.
Created: Oct. 31, 2024, 9:16 p.m.
Modified: Nov. 5, 2024, 10:03 a.m.
Attack Patterns
Dofoil
Smoke Loader - S0226
SmokeLoader
T1497
T1574
T1547
T1543
T1055
T1036
T1027
T1053
T1112
T1059